On Wed, Mar 03, 2004 at 07:45:19PM +0100, Johan Sundström (Achtung Liebe!) @ Pike (-) developers forum wrote:
> (Hm. What a verbose way of saying "Is the source code available to someone who might feel inclined to help you?". :-)
Not that this is such a big secret :) I was trying to find the problem... And the code to test (as simple as it can be):
--- trim ---
#! /usr/local/bin/pike

void Handler(object req)
{
  req->response_and_finish( ([ "data": "Got it!", "type": "text/plain", "error": 200 ]) );
}

object ServerListener;

int main(int argc, array(string) argv)
{
  object ServerListener;

  ServerListener = Protocols.HTTP.Server.SSLPort(Handler, 8443, "127.0.0.1");
  return -1;
}
--- trim ---
As I said already, works perfectly under 7.4, but fails with 7.5. The failure trace (-DSSL3_DEBUG):
...blabla...
Decrypting packet.. version[1]=0
SSL.connection: received packet of type 20
tried change_cipher: 0
Decrypting packet.. version[1]=0
Failed MAC-verification!!
SSL.connection: Bad received packet
SSL.connection->send_packet: type 21, desc 20, pri 1, "\2\24"
...blabla...
Something is wrong... But too deep for me - I am not familiar with this code...
Regards, /Al
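Added example, not part of the original thread or of Pike's code: a small Python decoder for the -DSSL3_DEBUG trace in the post above. It assumes that version[1] is the minor protocol version and that the quoted payload uses octal escapes; the content-type and alert numbers are the standard SSL 3.0 / TLS 1.0 values.

```python
import re

# Record content types and alert codes as defined for SSL 3.0 / TLS 1.0.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure"}
# Assumption: version[1] in the trace is the minor protocol version.
MINOR_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0"}

# Trace lines copied from the post above.
TRACE = r'''Decrypting packet.. version[1]=0
SSL.connection: received packet of type 20
tried change_cipher: 0
Decrypting packet.. version[1]=0
Failed MAC-verification!!
SSL.connection: Bad received packet
SSL.connection->send_packet: type 21, desc 20, pri 1, "\2\24"
'''

DECRYPT = re.compile(r"Decrypting packet\.\. version\[1\]=(\d+)")
RECV = re.compile(r"received packet of type (\d+)")
SEND = re.compile(r'send_packet: type (\d+),[^"]*"(.*)"')
OCTAL = re.compile(r"\\([0-3]?[0-7]{1,2})")

def unescape(literal):
    """Turn octal escapes such as \\24 in a quoted payload into raw bytes."""
    return OCTAL.sub(lambda m: chr(int(m.group(1), 8)), literal).encode("latin-1")

def decode_trace(text):
    """Return (event, detail) tuples for the lines that carry protocol data."""
    events = []
    for line in text.splitlines():
        if m := DECRYPT.search(line):
            minor = int(m.group(1))
            events.append(("decrypt", MINOR_VERSIONS.get(minor, f"3.{minor}")))
        elif m := RECV.search(line):
            ctype = int(m.group(1))
            events.append(("recv", CONTENT_TYPES.get(ctype, str(ctype))))
        elif m := SEND.search(line):
            name = CONTENT_TYPES.get(int(m.group(1)), m.group(1))
            body = unescape(m.group(2))
            if name == "alert" and len(body) == 2:  # level byte, description byte
                name = "alert %s %s" % (ALERT_LEVELS.get(body[0], body[0]),
                                        ALERT_DESCRIPTIONS.get(body[1], body[1]))
            events.append(("send", name))
        elif "Failed MAC-verification" in line:
            events.append(("error", "record MAC check failed"))
    return events
```

On the trace above it yields SSL 3.0 records, a MAC failure on the record that follows change_cipher_spec, and a fatal bad_record_mac alert sent in reply.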
> As I said already, works perfectly under 7.4, but fails with 7.5. The failure trace (-DSSL3_DEBUG):
>
> ...blabla...
> Decrypting packet.. version[1]=0
> SSL.connection: received packet of type 20
> tried change_cipher: 0
> Decrypting packet.. version[1]=0
> Failed MAC-verification!!
> SSL.connection: Bad received packet
> SSL.connection->send_packet: type 21, desc 20, pri 1, "\2\24"
> ...blabla...
>
> Something is wrong... But too deep for me - I am not familiar with this code...

The SSL module seems broken in Pike 7.5, this is probably due to bugs in the new Crypto glue.

> Regards, /Al
/ Henrik Grubbström (Lysator)
The SSL testsuite needs to be updated (or invented is perhaps a better word).
/ Martin Nilsson (saturator)
On Wed, Mar 03, 2004 at 09:05:02PM +0100, Martin Nilsson (saturator) @ Pike (-) developers forum wrote:
> The SSL testsuite needs to be updated (or invented is perhaps a better word).

I think, to test it correctly, something external (like OpenSSL) will be required. Pike's SSL would be useless if it were able to operate only with another Pike :)

And what about a test suite for Nettle's glue? I see only md5/sha1/aes are tested... Test vectors for all other ciphers would be good... Or does it depend on a correctly tested and installed library?
Regards, /Al
> And what about a test suite for Nettle's glue? I see only md5/sha1/aes are tested... Test vectors for all other ciphers would be good... Or does it depend on a correctly tested and installed library?
There are plenty of tests in the Crypto module.
/ Martin Nilsson (saturator)
...and in nettle, I assume.
/ Mirar
> The SSL module seems broken in Pike 7.5, this is probably due to bugs in the new Crypto glue.
Some investigation later, and the reason seems to have been a bad change in SSL.pmod/state.pike. Reverted.
It works for me (with Roxen 4.0) now.
/ Henrik Grubbström (Lysator)
Odd. crypto->unpad now calls crypt before it unpads (for symmetry with pad and in accordance with the old documentation), so you should get two calls to crypt with that code. But if it works...
/ Martin Nilsson (saturator)
Ok, the reason it worked for me was probably due to me testing only with TLS 3.1 and not with SSL 3.0. Now it should work with both.
/ Henrik Grubbström (Lysator)
pike-devel@lists.lysator.liu.se