[Users] TLS and dead tcp child

Ohad.Levy at infineon.com Ohad.Levy at infineon.com
Tue Mar 6 09:11:43 CET 2007


openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5


Thanks,
Ohad

-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
Sent: Monday, March 05, 2007 6:59 PM
To: Paulo Angonese; Levy Ohad (IFKL IT OS DSM CD); users openser.org
Subject: Re: [Users] TLS and dead tcp child

Hi Paulo,Hi Ohad,

could you please send me the output of

 >\ openssl ciphers

from your machines?


regards,
bogdan

Paulo Angonese wrote:
> My version of krb5-libs is krb5-libs-1.4.1-5. The newest for FC4...
>
>
> Paulo Angonese escreveu:
>> Bogdan, here is the bt:
>>
>> $ gdb /usr/local/sbin/openser core.9999
>>
>> ....
>>
>> #0  0x00c63b87 in strchr () from /lib/libc.so.6
>> #1  0x0033dc53 in krb5_kt_resolve () from /usr/lib/libkrb5.so.3
>> #2  0x003cf5a0 in kssl_keytab_is_available () from /lib/libssl.so.5
>> #3  0x003bbc4c in ssl3_choose_cipher () from /lib/libssl.so.5
>> #4  0x003b73c0 in ssl3_accept () from /lib/libssl.so.5
>> #5  0x003c4eba in SSL_accept () from /lib/libssl.so.5
>> #6  0x080e1dc9 in tls_accept (c=0xb616b490) at tls/tls_server.c:236
>> #7  0x080e35cc in tls_fix_read_conn (c=0xb616b490) at 
>> tls/tls_server.c:872
>> #8  0x0809c428 in tcp_read_req (con=0xb616b490, 
>> bytes_read=0xbfad8448) at tcp_read.c:411
>> #9  0x0809c7a7 in handle_io (fm=0x814e1b0, idx=-1) at tcp_read.c:772
>> #10 0x0809dbf3 in io_wait_loop_epoll (h=0x8113020, t=Variable "t" is 
>> not available.
>> ) at io_wait.h:722
>> #11 0x0809df67 in tcp_receive_loop (unix_sock=17) at tcp_read.c:893
>> #12 0x08093969 in tcp_init_children (chd_rank=0x810dcd4) at 
>> tcp_main.c:1745
>> #13 0x0806ce1e in main_loop () at main.c:1009
>> #14 0x0806e8cb in main (argc=1, argv=0xbfad86f4) at main.c:1477
>>
>>
>>
>>
>> Paulo Angonese escreveu:
>>> Hi Bogdan,
>>>
>>> I´m sorry for my dumbness, but the backtrace log shows only this:
>>>
>>> [root at sx83 /]# gdb /usr/local/sbin/openser
>>> GNU gdb Red Hat Linux (6.3.0.0-1.84rh)
>>> Copyright 2004 Free Software Foundation, Inc.
>>> GDB is free software, covered by the GNU General Public License, and 
>>> you are
>>> welcome to change it and/or distribute copies of it under certain 
>>> conditions.
>>> Type "show copying" to see the conditions.
>>> There is absolutely no warranty for GDB.  Type "show warranty" for 
>>> details.
>>> This GDB was configured as "i386-redhat-linux-gnu"...Using host 
>>> libthread_db library "/lib/libthread_db.so.1".
>>>
>>> (gdb) run
>>> Starting program: /usr/local/sbin/openser
>>> Reading symbols from shared object read from target memory...done.
>>> Loaded system supplied DSO at 0x6e9000
>>>  0(2634) WARNING: fix_socket_list: could not rev. resolve 10.128.63.183
>>>  0(2634) WARNING: fix_socket_list: could not rev. resolve 10.128.63.183
>>> Listening on
>>>              udp: 10.128.63.183 [10.128.63.183]:5060
>>>              tls: 10.128.63.183 [10.128.63.183]:5061
>>> Aliases:
>>>
>>>  0(2634) TLS: Client verification activated. Client certificates are 
>>> mandatory.
>>>  0(2634) TLS: Server verification activated.
>>> Detaching after fork from child process 2637.
>>>
>>> Program exited normally.
>>> (gdb) 11(2669) ERROR: receive_fd: EOF on 14
>>>
>>>
>>> The binaries are available in 
>>> ftp://ftp.procergs.com.br/pub/procergs/openser/openser-binaries.tgz
>>>
>>> SSH access is harder. This machine is in the intranet.
>>>
>>> Thanks
>>>
>>> Paulo
>>>
>>> Bogdan-Andrei Iancu escreveu:
>>>> Hi Paulo,
>>>>
>>>> the core files without the binaries ( openser+modules (so) ) ar not 
>>>> usable. Let us first try the backtrace - could you send me the 
>>>> backtraces? Oterwise, please upload the binaries for download also.
>>>>
>>>> there is a simple way, if you could provide access to your machine 
>>>> (using ssh keys) and can directly inspect the core files.
>>>>
>>>> regards,
>>>> bogdan
>>>>
>>>> Paulo Angonese wrote:
>>>>> Ok.
>>>>>
>>>>> The core (two files was generated) and the full log (debug=9) are 
>>>>> in ftp://ftp.procergs.com.br/pub/procergs/openser
>>>>>
>>>>>
>>>>>
>>>>> Bogdan-Andrei Iancu escreveu:
>>>>>> Hi Paulo,
>>>>>>
>>>>>> some suggestion :) - could you provide full log (debug) and 
>>>>>> core+binaries (for download) ? Or backtrace?
>>>>>>
>>>>>> regards,
>>>>>> bogdan
>>>>>>
>>>>>> Paulo Angonese wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have the same problem.
>>>>>>> When the SNOM ( 360 SIP 6.5.2 ) sends the REGISTER using TLS 
>>>>>>> OpenSER crashes.
>>>>>>> I´m using
>>>>>>> OpenSer (1.1.1-tls (i386/linux)),
>>>>>>> openssl-0.9.7f-7.10
>>>>>>> openssl-devel-0.9.7f-7.10
>>>>>>> Fedora 2.6.11-1.1369_FC4
>>>>>>>
>>>>>>> Any help?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Paulo Angonese
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> [Users] CVS 31.03, TLS and dead tcp child
>>>>>>> Bogdan-Andrei Iancu bogdan at voice-system.ro
>>>>>>> Tue Oct 31 17:13:43 CET 2006
>>>>>>>
>>>>>>>     * Previous message: [Users] CVS 31.03, TLS and dead tcp child
>>>>>>>     * Next message: [Users] Q:ABOUTE:SET UP MESSAGE FLOW
>>>>>>>     * Messages sorted by: [ date ] [ thread ] [ subject ] [ 
>>>>>>> author ]
>>>>>>>
>>>>>>> Hi Frank,
>>>>>>>
>>>>>>> can you pack the cores + binaries (lib + exe)  + sources+logs(in 
>>>>>>> debug
>>>>>>> mode) and put it somewhere for download?
>>>>>>> I will try to take a look.
>>>>>>>
>>>>>>> regards,
>>>>>>> Bogdan
>>>>>>>
>>>>>>> Frank DInnocenzo wrote:
>>>>>>>
>>>>>>> > Bogdan,
>>>>>>> >
>>>>>>> > I am using openser-1.1.0-tls_src. I actually get two core 
>>>>>>> files after
>>>>>>> > the crash. Can I post them somehow?
>>>>>>> >
>>>>>>> >
>>>>>>> > # openser -V
>>>>>>> > version: openser 1.1.0-tls (i386/linux)
>>>>>>> > flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE,
>>>>>>> > USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC,
>>>>>>> > FAST_LOCK-ADAPTIVE_WAIT
>>>>>>> > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, 
>>>>>>> MAX_LISTEN 16,
>>>>>>> > MAX_URI_SIZE 1024, BUF_SIZE 65535
>>>>>>> > poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>>>>>> > @(#) $Id: main.c,v 1.20 2006/07/04 17:25:54 bogdan_iancu Exp $
>>>>>>> > main.c compiled on 14:27:50 Oct 24 2006 with gcc 4.0.0
>>>>>>> >
>>>>>>> > Thanks
>>>>>>> > Frank
>>>>>>> >
>>>>>>> >
>>>>>>> > */Bogdan-Andrei Iancu <bogdan at voice-system.ro>/* wrote:
>>>>>>> >
>>>>>>> >     Hi Frank,
>>>>>>> >
>>>>>>> >     I'm successfully using a SNOM 320 with TLS and no problem 
>>>>>>> so far.....
>>>>>>> >     What openser version are you using?...do you get any core 
>>>>>>> file
>>>>>>> >     after the
>>>>>>> >     crash??
>>>>>>> >
>>>>>>> >     regards,
>>>>>>> >     bogdan
>>>>>>> >
>>>>>>> >     Frank DInnocenzo wrote:
>>>>>>> >
>>>>>>> >     > Hello,
>>>>>>> >     >
>>>>>>> >     > I'm new to openSer and wondered if there was any 
>>>>>>> resolution to this
>>>>>>> >     > post??? I'm hitting this same crash with openSer (with 
>>>>>>> TLS enabled)
>>>>>>> >     > using a Snom phone (300 with latest Beta firmware -
>>>>>>> >     > snom300-6.5-SIP-j.bin ). I've gone
>>>>>>> >     > through the archives looking for help getting this setup
>>>>>>> >     working. I've
>>>>>>> >     > also tried the Snom Softphone with the same result.
>>>>>>> >     >
>>>>>>> >     > Thanks
>>>>>>> >     > Frank
>>>>>>> >     >
>>>>>>> >     > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>> >     >
>>>>>>> >     > Hi,
>>>>>>> >     >
>>>>>>> >     > I have tried to register to OpenSER CVS 31.03 with my 
>>>>>>> SNOM 360
>>>>>>> >     > (5.3.6sw), disabled pretty all modules from OpenSER 
>>>>>>> (radius,
>>>>>>> >     xlog, auth,
>>>>>>> >     > ...) and always the server crashes.
>>>>>>> >     >
>>>>>>> >     > Is there something I have missed in configuration ?
>>>>>>> >     >
>>>>>>> >     > Thanks a lot for help,
>>>>>>> >     > -Mika
>>>>>>> >     >
>>>>>>> >     > The error message and debug info seems like this:
>>>>>>> >     >
>>>>>>> >     > 11(24351) tcpconn_new: new tcp connection to: XXX.XX.XX.XXX
>>>>>>> >     > 11(24351) tcpconn_new: on port 2171, type 3
>>>>>>> >     > 11(24351) tls_tcpconn_init: Entered: Creating a whole 
>>>>>>> new ssl
>>>>>>> >     connection
>>>>>>> >     > 11(24351) tls_tcpconn_init: Looking up tls domain
>>>>>>> >     [XXX.XX.XX.XXX:5061]
>>>>>>> >     > 11(24351) tls_tcpconn_init: Using default tls server 
>>>>>>> settings
>>>>>>> >     > 11(24351) tls_tcpconn_init: Setting in ACCEPT mode (server)
>>>>>>> >     > 11(24351) tcpconn_add: hashes: 442, 1
>>>>>>> >     > 11(24351) handle_new_connect: new connection: 0xb608f6a0 24
>>>>>>> >     flags: 0002
>>>>>>> >     > 11(24351) send2child: to tcp child 0 7(24347), 0xb608f6a0
>>>>>>> >     > 7(24347) received n=4 con=0xb608f6a0, fd=19
>>>>>>> >     > 7(24347) DBG: io_watch_add(0x810e580, 19, 2, 
>>>>>>> 0xb608f6a0), fd_no=1
>>>>>>> >     > 7(24347) tls_update_fd: New fd is 19
>>>>>>> >     > 11(24351) DBG: handle_tcp_child: dead tcp child 0 (pid 
>>>>>>> 24347, no 7)
>>>>>>> >     > (shutting down?)
>>>>>>> >     > 11(24351) DBG: io_watch_del (0x810e420, 17, -1, 0x0) 
>>>>>>> fd_no=16 called
>>>>>>> >     > 11(24351) ERROR: receive_fd: EOF on 15
>>>>>>> >     > 11(24351) DBG: handle_ser_child: dead child 7, pid 24347
>>>>>>> >     (shutting down?)
>>>>>>> >     > 11(24351) DBG: io_watch_del (0x810e420, 15, -1, 0x0) 
>>>>>>> fd_no=15 called
>>>>>>> >     > 0(24339) child process 24347 exited by a signal 11
>>>>>>> >     > 0(24339) core was generated
>>>>>>> >     > 0(24339) INFO: terminating due to SIGCHLD
>>>>>>> >     > 6(24346) INFO: signal 15 received
>>>>>>> >     > 6(24346) Memory status (pkg):
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at openser.org
>>>>>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>
>




More information about the Users mailing list