Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

OpenSSL 1.0.0b testssl fails

71 views
Skip to first unread message

Victor Duchovni

unread,
Nov 16, 2010, 3:48:13 PM11/16/10
to

Anyone know why I am seeing the below errors:

../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time
Available compression methods:
NONE
DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
ERROR in SERVER
182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
10 handshakes of 256 bytes done
Approximate total server time: 0.00 s
Approximate total client time: 0.01 s

--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Dr. Stephen Henson

unread,
Nov 16, 2010, 3:56:07 PM11/16/10
to

Dang, I'm seeing that too now. Why didn't I see that when I tested it
earlier today?

I'll look into it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Victor Duchovni

unread,
Nov 16, 2010, 5:20:10 PM11/16/10
to
On Tue, Nov 16, 2010 at 03:48:13PM -0500, Victor Duchovni wrote:

>
> Anyone know why I am seeing the below errors:
>
> ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time
> Available compression methods:
> NONE
> DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
> ERROR in SERVER
> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:

Running under gdb with symbols seems to the suggest the issue is with
the ec

else if (type == TLSEXT_TYPE_ec_point_formats &&
s->version != DTLS1_VERSION)
{
unsigned char *sdata = data;
int ecpointformatlist_length = *(sdata++);

if (ecpointformatlist_length != size - 1)
{
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
if (!s->hit)
{
if(s->session->tlsext_ecpointformatlist)
{
---> fail here --->
*al = TLS1_AD_DECODE_ERROR;
return 0;
}

Is this related to the CVE fix to the session state? Some other change?

--
Viktor.

Dr. Stephen Henson

unread,
Nov 16, 2010, 5:44:22 PM11/16/10
to
On Tue, Nov 16, 2010, Victor Duchovni wrote:

> On Tue, Nov 16, 2010 at 03:48:13PM -0500, Victor Duchovni wrote:
>
> >
> > Anyone know why I am seeing the below errors:
> >
> > ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time
> > Available compression methods:
> > NONE
> > DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
> > ERROR in SERVER
> > 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>
> Running under gdb with symbols seems to the suggest the issue is with
> the ec
>
> else if (type == TLSEXT_TYPE_ec_point_formats &&
> s->version != DTLS1_VERSION)
> {
> unsigned char *sdata = data;
> int ecpointformatlist_length = *(sdata++);
>
> if (ecpointformatlist_length != size - 1)
> {
> *al = TLS1_AD_DECODE_ERROR;
> return 0;
> }
> if (!s->hit)
> {
> if(s->session->tlsext_ecpointformatlist)
> {
> ---> fail here --->
> *al = TLS1_AD_DECODE_ERROR;
> return 0;
> }
>
> Is this related to the CVE fix to the session state? Some other change?
>

Yes the CVE fix broke it. It was assuming that the session fields would only
be set by extensions so if they were already set the extension (illegally)
occurred more than once: but in the case of EC point format list it can be
set elsewhere anyway.

This should fix it:

http://cvs.openssl.org/chngview?cn=19998

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Mounir IDRASSI

unread,
Nov 16, 2010, 5:36:50 PM11/16/10
to
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But
under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.

I don't see anything OS specific in the changes introduced in t1_lib.c
or s3_srvr.c. Could it be a gcc bug?

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/16/2010 9:56 PM, Dr. Stephen Henson wrote:


> On Tue, Nov 16, 2010, Victor Duchovni wrote:
>
>> Anyone know why I am seeing the below errors:
>>
>> ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time
>> Available compression methods:
>> NONE
>> DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 1024 bit RSA
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:
>> ERROR in SERVER
>> 182902820544:error:1408A0E3:SSL routines:SSL3_GET_CLIENT_HELLO:parse tlsext:s3_srvr.c:1043:

>> 10 handshakes of 256 bytes done
>> Approximate total server time: 0.00 s
>> Approximate total client time: 0.01 s
>>
> Dang, I'm seeing that too now. Why didn't I see that when I tested it
> earlier today?
>
> I'll look into it.
>

Dr. Stephen Henson

unread,
Nov 16, 2010, 5:49:13 PM11/16/10
to
On Tue, Nov 16, 2010, Mounir IDRASSI wrote:

> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under
> Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
>
> I don't see anything OS specific in the changes introduced in t1_lib.c or
> s3_srvr.c. Could it be a gcc bug?
>

No, the Windows build uses different tests from a batch file which doesn't
include the failing test. If you manually run the same command line under
Windows it fails on that too.

Fix is this:

http://cvs.openssl.org/chngview?cn=19998

Victor Duchovni

unread,
Nov 16, 2010, 7:38:36 PM11/16/10
to
On Tue, Nov 16, 2010 at 11:36:50PM +0100, Mounir IDRASSI wrote:

> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under
> Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
>
> I don't see anything OS specific in the changes introduced in t1_lib.c or
> s3_srvr.c. Could it be a gcc bug?

No, rather the tests on Windows are not as comprehensive as those
on Unix. There is no tls1 test.

--
Viktor.

Brodie Thiesfield

unread,
Nov 18, 2010, 9:28:32 AM11/18/10
to
On Wed, Nov 17, 2010 at 9:38 AM, Victor Duchovni
<Victor....@morganstanley.com> wrote:
> On Tue, Nov 16, 2010 at 11:36:50PM +0100, Mounir IDRASSI wrote:
>
>> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under
>> Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
>>
>> I don't see anything OS specific in the changes introduced in t1_lib.c or
>> s3_srvr.c. Could it be a gcc bug?
>
> No, rather the tests on Windows are not as comprehensive as those
> on Unix. There is no tls1 test.

So does anyone know if this test failure and quick checkin fix mean
that we should shelve the 1.0.0b release and we wait for a more fully
tested 1.0.0c?

Regards,
Brodie

Dr. Stephen Henson

unread,
Nov 18, 2010, 11:36:57 AM11/18/10
to
On Thu, Nov 18, 2010, Brodie Thiesfield wrote:

> On Wed, Nov 17, 2010 at 9:38 AM, Victor Duchovni
> <Victor....@morganstanley.com> wrote:
> > On Tue, Nov 16, 2010 at 11:36:50PM +0100, Mounir IDRASSI wrote:
> >
> >> Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under
> >> Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
> >>
> >> I don't see anything OS specific in the changes introduced in t1_lib.c or
> >> s3_srvr.c. Could it be a gcc bug?
> >
> > No, rather the tests on Windows are not as comprehensive as those
> > on Unix. There is no tls1 test.
>
> So does anyone know if this test failure and quick checkin fix mean
> that we should shelve the 1.0.0b release and we wait for a more fully
> tested 1.0.0c?
>

A 1.0.0c release is planned in the next few days. We're just seeing if any
other issues arise before the release: a couple have been fixed already.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

William A. Rowe Jr.

unread,
Nov 18, 2010, 12:12:11 PM11/18/10
to
On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote:
>
> A 1.0.0c release is planned in the next few days. We're just seeing if any
> other issues arise before the release: a couple have been fixed already.

Have any observed issues affected 0.9.8p? If so, is there a planned .8q?

Dr. Stephen Henson

unread,
Nov 18, 2010, 12:31:28 PM11/18/10
to
On Thu, Nov 18, 2010, William A. Rowe Jr. wrote:

> On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote:
> >
> > A 1.0.0c release is planned in the next few days. We're just seeing if any
> > other issues arise before the release: a couple have been fixed already.
>
> Have any observed issues affected 0.9.8p? If so, is there a planned .8q?

No, both the original SNAFU (the self test failure) and the other issues
(all platform compilation problems so far) affect OpenSSL 1.0.0b only.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Victor Duchovni

unread,
Nov 18, 2010, 1:05:50 PM11/18/10
to
On Thu, Nov 18, 2010 at 11:12:11AM -0600, William A. Rowe Jr. wrote:

> On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote:
> >
> > A 1.0.0c release is planned in the next few days. We're just seeing if any
> > other issues arise before the release: a couple have been fixed already.
>
> Have any observed issues affected 0.9.8p? If so, is there a planned .8q?

None that are publically visible. You can check for yourself:

http://cvs.openssl.org/timeline

No commits to the 0.9.8 branch after the release of 0.9.8p.

http://cvs.openssl.org/chngview?cn=19996

The 1.0.0b issues are just the one reported in this thread:

http://cvs.openssl.org/chngview?cn=20001

and a couple of platform variants where elimination of dead variables
left non-working code referencing the eliminated variables.

http://cvs.openssl.org/chngview?cn=20008
http://cvs.openssl.org/chngview?cn=20005

So far, it looks like the "20001" patch is sufficient for most
platforms.

--
Viktor.

William A. Rowe Jr.

unread,
Nov 18, 2010, 2:19:54 PM11/18/10
to
On 11/18/2010 12:05 PM, Victor Duchovni wrote:
>
> None that are publically visible. You can check for yourself:
>
> No commits to the 0.9.8 branch after the release of 0.9.8p.
>
> http://cvs.openssl.org/chngview?cn=19996

I was aware of this. It's why I raised the question, if any of these were
slated for backport, but simply not applied yet. The answer is no, so that
resolves my questions.

0 new messages