Dillo crash on HTTPS connection (to MS web site)
I am not sure how to proceed, because my C/C++ programming skills are close to zero. But can make some debug effort if someone instructs me what to do. :) In short, Dillo crashes when I try to connect to the site of MS. It works ok on other https web sites, for example on https://google.com Dillo is compiled and run on 64bit ELF executable with SSL enabled. Here is what I have in the console: $dillo "https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a..." ** ERROR **: prefsparser: Syntax error in dillorc: name="(null)" value="(null)" paths: Cannot open file '/home/johnfound/.dillo/keysrc': No such file or directory paths: Using /usr/local/etc/dillo/keysrc paths: Cannot open file '/home/johnfound/.dillo/domainrc': No such file or directory paths: Using /usr/local/etc/dillo/domainrc Domain: Default accept. dillo_dns_init: Here we go! (threaded) Disabling cookies. paths: Cannot open file '/home/johnfound/.dillo/hsts_preload': No such file or directory paths: Using /usr/local/etc/dillo/hsts_preload ** WARNING **: preferred cursive font "URW Chancery L" not found. Nav_open_url: new url='https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a...' Dns_server [0]: msdn.microsoft.com is 157.56.148.19 Connecting to 157.56.148.19:443 msdn.microsoft.com: TLSv1.2, cipher DES-CBC3-SHA sha256 2048-bit RSA: /CN=msdn.microsoft.com sha256 4096-bit RSA: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root root: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root NumPendingStyleSheets=1 NumPendingStyleSheets=2 Dns_server [1]: i-msdn.sec.s-msft.com is 2.16.221.31 Dns_server [0]: assets.onestore.ms is 104.69.121.36 Dns_server [0]: m.webtrends.com is 63.251.85.33 i-msdn.sec.s-msft.com: TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=STO Operations/CN=*.sec.s-msft.com ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=NL/L=Amsterdam/O=Verizon Enterprise Solutions/OU=Cybertrust/CN=Verizon Akamai SureServer CA G14-SHA1 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root root: /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root assets.onestore.ms: TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384 sha256 2048-bit RSA: /C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=Microsoft Corporation/CN=*.onestore.ms sha256 4096-bit RSA: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root root: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
a_Nav_repush <<<< Reusing fd 8 for https://assets.onestore.ms/cdnfiles/onestorerolling-1602-03000/shell/v3/imag... Nav_open_url: new url='https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a...' ABORT 1B ABORT 1B IO_write, closing with pending data not sent: "GET /cdnfiles/onestorerolling-1602-03000/shell/v3/images/logo/microsoft.png HTTP/1.1\x0D..." a_Nav_expect_done: repush! ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history dillo: tls.c:1177: a_Tls_handshake: Assertion `!ERR_get_error()' failed. Aborted (core dumped)
-- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
Hello John, I'm a bit better off, but not necessarily a lot. Unless someone takes this off me and instantly solves it, please presume that it's a long journey. I do not reproduce the problem. It may depend on the set of certificates on your machine, or something painful like that. I propose to attempt to give you a cookbook for driving gdb. You could try going which dillo gdb <full path to dillo> <url that you had before> - should get a (gdb) prompt run - should give a message about your abourt - should get a (gdb) prompt print ERR_peek_last_error() - should show a number and a prompt print /x ERR_peek_last_error() - should show the same number in hex, and a prompt bt 10 - should get a stack trace quit - should get a shell prompt The numbers should be the same, modulo base, and may tell us something about the nature of the problem, after we do some decoding. Regards, James. On 24/02/2016, John Found <johnfound at asm32.info> wrote:
I am not sure how to proceed, because my C/C++ programming skills are close to zero. But can make some debug effort if someone instructs me what to do. :)
In short, Dillo crashes when I try to connect to the site of MS. It works ok on other https web sites, for example on https://google.com
Dillo is compiled and run on 64bit ELF executable with SSL enabled.
Here is what I have in the console:
$dillo "https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a..." ** ERROR **: prefsparser: Syntax error in dillorc: name="(null)" value="(null)" paths: Cannot open file '/home/johnfound/.dillo/keysrc': No such file or directory paths: Using /usr/local/etc/dillo/keysrc paths: Cannot open file '/home/johnfound/.dillo/domainrc': No such file or directory paths: Using /usr/local/etc/dillo/domainrc Domain: Default accept. dillo_dns_init: Here we go! (threaded) Disabling cookies. paths: Cannot open file '/home/johnfound/.dillo/hsts_preload': No such file or directory paths: Using /usr/local/etc/dillo/hsts_preload ** WARNING **: preferred cursive font "URW Chancery L" not found. Nav_open_url: new url='https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a...' Dns_server [0]: msdn.microsoft.com is 157.56.148.19 Connecting to 157.56.148.19:443 msdn.microsoft.com: TLSv1.2, cipher DES-CBC3-SHA sha256 2048-bit RSA: /CN=msdn.microsoft.com sha256 4096-bit RSA: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root root: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root NumPendingStyleSheets=1 NumPendingStyleSheets=2 Dns_server [1]: i-msdn.sec.s-msft.com is 2.16.221.31 Dns_server [0]: assets.onestore.ms is 104.69.121.36 Dns_server [0]: m.webtrends.com is 63.251.85.33 i-msdn.sec.s-msft.com: TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=STO Operations/CN=*.sec.s-msft.com ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=NL/L=Amsterdam/O=Verizon Enterprise Solutions/OU=Cybertrust/CN=Verizon Akamai SureServer CA G14-SHA1 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root root: /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root assets.onestore.ms: TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384 sha256 2048-bit RSA: /C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=Microsoft Corporation/CN=*.onestore.ms sha256 4096-bit RSA: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 ** WARNING **: In 2015, browsers have begun to deprecate SHA1 certificates. sha1 2048-bit RSA: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root root: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
a_Nav_repush <<<< Reusing fd 8 for https://assets.onestore.ms/cdnfiles/onestorerolling-1602-03000/shell/v3/imag... Nav_open_url: new url='https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a...' ABORT 1B ABORT 1B IO_write, closing with pending data not sent: "GET /cdnfiles/onestorerolling-1602-03000/shell/v3/images/logo/microsoft.png HTTP/1.1\x0D..." a_Nav_expect_done: repush! ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history ** WARNING **: Ignoring unsafe author style that might reveal browsing history dillo: tls.c:1177: a_Tls_handshake: Assertion `!ERR_get_error()' failed. Aborted (core dumped)
-- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
_______________________________________________ Dillo-dev mailing list Dillo-dev at dillo.org http://lists.dillo.org/cgi-bin/mailman/listinfo/dillo-dev
On Wed, 24 Feb 2016 10:34:00 +1300 James C <james.from.wellington at gmail.com> wrote:
Hello John,
I'm a bit better off, but not necessarily a lot. Unless someone takes this off me and instantly solves it, please presume that it's a long journey.
I do not reproduce the problem. It may depend on the set of certificates on your machine, or something painful like that.
I propose to attempt to give you a cookbook for driving gdb. You could try going which dillo
Program received signal SIGABRT, Aborted. 0x00007ffff5dfe3c8 in raise () from /usr/lib/libc.so.6 (gdb) print ERR_peek_last_error() $1 = 0 (gdb) print /x ERR_peek_last_error() $2 = 0x0 (gdb) bt 10 #0 0x00007ffff5dfe3c8 in raise () from /usr/lib/libc.so.6 #1 0x00007ffff5dff84a in abort () from /usr/lib/libc.so.6 #2 0x00007ffff5df72c7 in __assert_fail_base () from /usr/lib/libc.so.6 #3 0x00007ffff5df7372 in __assert_fail () from /usr/lib/libc.so.6 #4 0x0000000000447a01 in a_Tls_handshake (fd=7, url=0xb005f0) at tls.c:1177 #5 0x0000000000444e6b in Http_connect_tls (info=0xb00470) at http.c:512 #6 Http_connect_socket (Info=0xb00470) at http.c:584 #7 Http_connect_queued_sockets (srv=0xb00800) at http.c:275 #8 0x0000000000445a6c in Http_get (Data1=0xaffa20, Info=0xb00470) at http.c:742 #9 a_Http_ccc (Op=<optimized out>, Branch=<optimized out>, Dir=<optimized out>, Info=0xb00470, Data1=0xaffa20, Data2=0x0) at http.c:833 (More stack frames follow...) -- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
Hello John, Thanks. On casual inspection, that seems very sad. It has failed, and seems to be trying to tell us that nothing is wrong. My next experiment is: gdb <the usual stuff> break ERR_put_error run bt 10 quit to try to prove, upstream, that there really was a complaint. Regards, James. On 24/02/2016, John Found <johnfound at asm32.info> wrote:
On Wed, 24 Feb 2016 10:34:00 +1300 James C <james.from.wellington at gmail.com> wrote:
Hello John,
I'm a bit better off, but not necessarily a lot. Unless someone takes this off me and instantly solves it, please presume that it's a long journey.
I do not reproduce the problem. It may depend on the set of certificates on your machine, or something painful like that.
I propose to attempt to give you a cookbook for driving gdb. You could try going which dillo
Program received signal SIGABRT, Aborted. 0x00007ffff5dfe3c8 in raise () from /usr/lib/libc.so.6 (gdb) print ERR_peek_last_error() $1 = 0 (gdb) print /x ERR_peek_last_error() $2 = 0x0 (gdb) bt 10 #0 0x00007ffff5dfe3c8 in raise () from /usr/lib/libc.so.6 #1 0x00007ffff5dff84a in abort () from /usr/lib/libc.so.6 #2 0x00007ffff5df72c7 in __assert_fail_base () from /usr/lib/libc.so.6 #3 0x00007ffff5df7372 in __assert_fail () from /usr/lib/libc.so.6 #4 0x0000000000447a01 in a_Tls_handshake (fd=7, url=0xb005f0) at tls.c:1177 #5 0x0000000000444e6b in Http_connect_tls (info=0xb00470) at http.c:512 #6 Http_connect_socket (Info=0xb00470) at http.c:584 #7 Http_connect_queued_sockets (srv=0xb00800) at http.c:275 #8 0x0000000000445a6c in Http_get (Data1=0xaffa20, Info=0xb00470) at http.c:742 #9 a_Http_ccc (Op=<optimized out>, Branch=<optimized out>, Dir=<optimized out>, Info=0xb00470, Data1=0xaffa20, Data2=0x0) at http.c:833 (More stack frames follow...)
-- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
On Wed, 24 Feb 2016 12:01:10 +1300 James C <james.from.wellington at gmail.com> wrote:
Hello John,
Thanks.
On casual inspection, that seems very sad. It has failed, and seems to be trying to tell us that nothing is wrong.
My next experiment is: gdb <the usual stuff> break ERR_put_error run bt 10 quit
to try to prove, upstream, that there really was a complaint.
Here is the output: gdb --args /usr/local/bin/dillo "https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a..." GNU gdb (GDB) 7.10.1 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/local/bin/dillo...done. (gdb) break ERR_put_error Function "ERR_put_error" not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (ERR_put_error) pending. (gdb) run Starting program: /usr/local/bin/dillo https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616\(v=vs.85\).aspx [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/libthread_db.so.1". paths: Cannot open file '/home/johnfound/.dillo/keysrc': No such file or directory paths: Using /usr/local/etc/dillo/keysrc paths: Cannot open file '/home/johnfound/.dillo/domainrc': No such file or directory paths: Using /usr/local/etc/dillo/domainrc Domain: Default accept. dillo_dns_init: Here we go! (threaded) Breakpoint 1, 0x00007ffff6ba9d90 in ERR_put_error () from /usr/lib/libcrypto.so.1.0.0 (gdb) bt 10 #0 0x00007ffff6ba9d90 in ERR_put_error () from /usr/lib/libcrypto.so.1.0.0 #1 0x00007ffff6be55c7 in PEM_read_bio () from /usr/lib/libcrypto.so.1.0.0 #2 0x00007ffff6be38f6 in PEM_X509_INFO_read_bio () from /usr/lib/libcrypto.so.1.0.0 #3 0x00007ffff6bf5717 in X509_load_cert_crl_file () from /usr/lib/libcrypto.so.1.0.0 #4 0x00007ffff6bf583a in by_file_ctrl () from /usr/lib/libcrypto.so.1.0.0 #5 0x000000000044684e in Tls_load_certificates () at tls.c:234 #6 a_Tls_init () at tls.c:293 #7 0x000000000040aadc in main (argc=2, argv=0x7fffffffe298) at dillo.cc:481 -- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
Hello John, That's much earlier than the point where the fault becomes obvious. It's not completely clear that it's the same event. How would you feel about building openssl from source, with debug, in order for us to work out what it's complaining about? The other alternative, which I won't do instantly is: - find somewhere to stash some variables - finish the call to ERR_put_error - call ERR_get_error_line_data with the addresses of the stashed variables - print them and try to interpret the result The other other alternative is to find every place where an ERR_get_error* is called, and fix them so that they don't discard the output, but that's probably a big job. Regards, James. On 24/02/2016, John Found <johnfound at asm32.info> wrote:
On Wed, 24 Feb 2016 12:01:10 +1300 James C <james.from.wellington at gmail.com> wrote:
Hello John,
Thanks.
On casual inspection, that seems very sad. It has failed, and seems to be trying to tell us that nothing is wrong.
My next experiment is: gdb <the usual stuff> break ERR_put_error run bt 10 quit
to try to prove, upstream, that there really was a complaint.
Here is the output:
gdb --args /usr/local/bin/dillo "https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616(v=vs.85).a..." GNU gdb (GDB) 7.10.1 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/local/bin/dillo...done. (gdb) break ERR_put_error Function "ERR_put_error" not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (ERR_put_error) pending. (gdb) run Starting program: /usr/local/bin/dillo https://msdn.microsoft.com/en-us/library/windows/desktop/ms645616\(v=vs.85\).aspx [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/libthread_db.so.1". paths: Cannot open file '/home/johnfound/.dillo/keysrc': No such file or directory paths: Using /usr/local/etc/dillo/keysrc paths: Cannot open file '/home/johnfound/.dillo/domainrc': No such file or directory paths: Using /usr/local/etc/dillo/domainrc Domain: Default accept. dillo_dns_init: Here we go! (threaded)
Breakpoint 1, 0x00007ffff6ba9d90 in ERR_put_error () from /usr/lib/libcrypto.so.1.0.0 (gdb) bt 10 #0 0x00007ffff6ba9d90 in ERR_put_error () from /usr/lib/libcrypto.so.1.0.0 #1 0x00007ffff6be55c7 in PEM_read_bio () from /usr/lib/libcrypto.so.1.0.0 #2 0x00007ffff6be38f6 in PEM_X509_INFO_read_bio () from /usr/lib/libcrypto.so.1.0.0 #3 0x00007ffff6bf5717 in X509_load_cert_crl_file () from /usr/lib/libcrypto.so.1.0.0 #4 0x00007ffff6bf583a in by_file_ctrl () from /usr/lib/libcrypto.so.1.0.0 #5 0x000000000044684e in Tls_load_certificates () at tls.c:234 #6 a_Tls_init () at tls.c:293 #7 0x000000000040aadc in main (argc=2, argv=0x7fffffffe298) at dillo.cc:481
-- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
On Tue, Feb 23, 2016 at 08:29:27PM +0200, John Found wrote:
In short, Dillo crashes when I try to connect to the site of MS. It works ok on other https web sites, for example on https://google.com
It doesn't want to trip the assert for me. What happens if you add something like the following: diff -r 50d1c1aff6ae src/IO/tls.c --- a/src/IO/tls.c Mon Jan 25 19:48:54 2016 +0100 +++ b/src/IO/tls.c Tue Feb 23 23:08:06 2016 +0000 @@ -1174,6 +1174,9 @@ success = FALSE; } + { int long e = ERR_get_error(); + if (e) MSG_ERR("our TLS mystery error is: %s\n", ERR_error_string(e, NULL)); + } assert(!ERR_get_error()); if (success && !(ssl = SSL_new(ssl_context))) {
After this code inserted, the crash seems to be fixed. Mentioned MS site is loaded normally. Thanks! On Wed, 24 Feb 2016 07:59:09 +0000 eocene <eocene at gmx.com> wrote:
On Tue, Feb 23, 2016 at 08:29:27PM +0200, John Found wrote:
In short, Dillo crashes when I try to connect to the site of MS. It works ok on other https web sites, for example on https://google.com
It doesn't want to trip the assert for me. What happens if you add something like the following:
diff -r 50d1c1aff6ae src/IO/tls.c --- a/src/IO/tls.c Mon Jan 25 19:48:54 2016 +0100 +++ b/src/IO/tls.c Tue Feb 23 23:08:06 2016 +0000 @@ -1174,6 +1174,9 @@ success = FALSE; }
+ { int long e = ERR_get_error(); + if (e) MSG_ERR("our TLS mystery error is: %s\n", ERR_error_string(e, NULL)); + } assert(!ERR_get_error());
if (success && !(ssl = SSL_new(ssl_context))) {
_______________________________________________ Dillo-dev mailing list Dillo-dev at dillo.org http://lists.dillo.org/cgi-bin/mailman/listinfo/dillo-dev
-- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
On Wed, 24 Feb 2016 19:26:53 +0000 eocene <eocene at gmx.com> wrote:
On Wed, Feb 24, 2016 at 12:21:50PM +0200, John Found wrote:
After this code inserted, the crash seems to be fixed. Mentioned MS site is loaded normally.
What error did this code print out?
_______________________________________________ Dillo-dev mailing list Dillo-dev at dillo.org http://lists.dillo.org/cgi-bin/mailman/listinfo/dillo-dev
Oh, sorry. I was happy to have it work and forgot to report. :) Here is the dump from the error, down to the end: ** ERROR **: our TLS mystery error is: error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call m.webtrends.com: TLSv1.2, cipher AES128-SHA sha256 2048-bit RSA: /C=US/ST=Oregon/L=Portland/O=WebTrends Inc./CN=m.webtrends.com sha256 2048-bit RSA: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K sha256 2048-bit RSA: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2 root: /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority a_Dicache_cleanup: length = 6 Best Regards -- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
On Wed, Feb 24, 2016 at 11:41:48PM +0200, John Found wrote:
Oh, sorry. I was happy to have it work and forgot to report. :) Here is the dump from the error, down to the end:
** ERROR **: our TLS mystery error is: error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call
Ah, openssl makes so little effort toward anything. I see that apache, nginx, etc. started to see lots of those messages with openssl 1.0.2f, so I tried that version, and still no error messages for me. (1.0.2f apparently becomes somewhat strict about shutdown during handshake, whereas it seems earlier versions would just report success and not do anything.) There is an ERR_get_error_line() function which might help. Diff attached. The manpage didn't bother to go into any normal detail about the buffer it wants for the filename argument, of course, but we'll see.
Now it crashes again. The output messages are in the attached file. On Thu, 25 Feb 2016 05:21:06 +0000 eocene <eocene at gmx.com> wrote:
On Wed, Feb 24, 2016 at 11:41:48PM +0200, John Found wrote:
Oh, sorry. I was happy to have it work and forgot to report. :) Here is the dump from the error, down to the end:
** ERROR **: our TLS mystery error is: error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call
Ah, openssl makes so little effort toward anything. I see that apache, nginx, etc. started to see lots of those messages with openssl 1.0.2f, so I tried that version, and still no error messages for me. (1.0.2f apparently becomes somewhat strict about shutdown during handshake, whereas it seems earlier versions would just report success and not do anything.)
There is an ERR_get_error_line() function which might help. Diff attached. The manpage didn't bother to go into any normal detail about the buffer it wants for the filename argument, of course, but we'll see.
-- http://fresh.flatassembler.net http://asm32.info John Found <johnfound at asm32.info>
On Thu, Feb 25, 2016 at 09:19:22AM +0200, John Found wrote:
** ERROR **: our TLS mystery error is: error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call At ssl_lib.c:2800
(Oops, I missed your reply!) Looking in the openssl source, that's just: int ssl_undefined_function(SSL *s) { SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } ...which is no surprise at all. I thought it might at least tell me which call was disliked.
On Wed, Feb 24, 2016 at 11:41:48PM +0200, John Found wrote:
** ERROR **: our TLS mystery error is: error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call
If this is indeed the same problem that apache, nginx, et al., are seeing, then the attached should suffice to fix it.
Hi, I was experiencing this assertion also now on https://blog.scaleway.com/2016/03/08/c2-insanely-affordable-x64-servers/ and the patch below fixes it. Cheers, Johannes On Wed, Mar 02, 2016 at 11:10:13AM +0000, eocene wrote:
On Wed, Feb 24, 2016 at 11:41:48PM +0200, John Found wrote:
** ERROR **: our TLS mystery error is: error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call
If this is indeed the same problem that apache, nginx, et al., are seeing, then the attached should suffice to fix it.
diff -r 50d1c1aff6ae src/IO/tls.c --- a/src/IO/tls.c Mon Jan 25 19:48:54 2016 +0100 +++ b/src/IO/tls.c Wed Mar 02 11:00:50 2016 +0000 @@ -1041,7 +1041,12 @@ a_IOwatch_remove_fd(c->fd, -1); dClose(c->fd); } - SSL_shutdown(c->ssl); + if (!SSL_in_init(c->ssl)) { + /* openssl 1.0.2f does not like shutdown being called during handshake, + * resulting in ssl_undefined_function in the error queue. + */ + SSL_shutdown(c->ssl); + } SSL_free(c->ssl);
a_Url_free(c->url);
_______________________________________________ Dillo-dev mailing list Dillo-dev at dillo.org http://lists.dillo.org/cgi-bin/mailman/listinfo/dillo-dev
On Wed, Mar 09, 2016 at 11:41:15AM +0100, Johannes Hofmann wrote:
I was experiencing this assertion also now on https://blog.scaleway.com/2016/03/08/c2-insanely-affordable-x64-servers/ and the patch below fixes it.
Ah, good. Thanks for the report!
Hi, On Wed, 2016-02-24 at 12:21 +0200, John Found wrote:
After this code inserted, the crash seems to be fixed. Mentioned MS site is loaded normally.
Thanks!
hmm, current dillo gives a lot of errors with valgrind with that site. Maybe that is a point to look at. Regards, Andreas
On Thu, Feb 25, 2016 at 08:49:20AM +0100, Andreas Kemnade wrote:
hmm, current dillo gives a lot of errors with valgrind with that site. Maybe that is a point to look at.
I'm not seeing them. They may be connected with: https://www.openssl.org/docs/faq.html#PROG14 14. Why does Valgrind complain about the use of uninitialized data? When OpenSSL's PRNG routines are called to generate random numbers the supplied buffer contents are mixed into the entropy pool: so it technically does not matter whether the buffer is initialized at this point or not. Valgrind (and other test tools) will complain about this. When using Valgrind, make sure the OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) to get rid of these warnings.
participants (5)
-
andreas@kemnade.info -
eocene@gmx.com -
james.from.wellington@gmail.com -
johannes.hofmann@gmx.de -
johnfound@asm32.info