Mailing List Archive: Cherokee: dev

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl

Index | Next | Previous | View Threaded

codesite-noreply at google

Oct 6, 2009, 4:42 PM

Post #1 of 6 (150 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl

Status: New
Owner: ----

New issue 594 by kallisti05: sec_error_bad_signature randomly starts after
a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

What steps will reproduce the problem?
1. run a ssl domain though cherokee
2. access ssl domain with chromium on linux
3. chrome will core dump eventually with ssl connections (related to cert?
this may be a problem on chrome's side)
4. Cherokee will give sec_error_bad_signature to any browser which accesses
SSL domain until cherokee is restarted. (tested on various platforms and
different locations)

What is the expected output? What do you see instead?
A 3rd party should never be able to bring down a ssl site remotely.

What version of the product are you using? On what operating system?
Cherokee 0.99.24, ubuntu 9.04 32-bit

Please provide any additional information below.
I have not yet reset the web server, feel free to access the ssl page here
and see the error:
https://ssl.unixzen.com

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

stefan at konink

Oct 7, 2009, 1:15 AM

Post #2 of 6 (138 views)
Permalink

Re: Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

On Tue, 6 Oct 2009 codesite-noreply[at]google.com wrote:

> New issue 594 by kallisti05: sec_error_bad_signature randomly starts after
> a client mucks up ssl
> http://code.google.com/p/cherokee/issues/detail?id=594

Anyone already working on this one?

Stefan

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 3:22 AM

Post #3 of 6 (138 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Updates:
Owner: ste...@konink.de
Labels: Type-Defect Priority-Critical Component-Logic Usability

Comment #1 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

I believe there is a problem if you say so. But how can I crash Chromium?
I'm running
4.0.22.5 (27967)

If you want to help out it might be a good thing to have a gdb session
available in
case we are unable to crash Chromium in the first place. If you say on the
other
hand... I will be able to crash any Cherokee server I can launch a
Cherokee+SSL
myself and let you crash it.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 3:26 AM

Post #4 of 6 (138 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #2 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

The only errors I get from Chromium on the commandline are:

[30813:30836:104525399282:ERROR:/b/slave/chromium-rel-linux-64/build/src/net/base/x509_certificate_nss.cc(530)]
CERT_PKIXVerifyCert for ssl.unixzen.com failed err=-8179

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 5:52 AM

Post #5 of 6 (138 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #3 on issue 594 by kallisti05: sec_error_bad_signature randomly
starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

here is what I get:

"
[6064:6064:1035505425810:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/chrome/browser/first_run_gtk.cc(21)]
Not implemented reached in static bool
FirstRun::ProcessMasterPreferences(const
FilePath&, const FilePath&, std::vector<std::basic_string<wchar_t,
std::char_traits<wchar_t>, std::allocator<wchar_t> >,
std::allocator<std::basic_string<wchar_t, std::char_traits<wchar_t>,
std::allocator<wchar_t> > > >*, int*, bool*)
[6064:6093:1035521152172:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/net/base/x509_certificate_nss.cc(530)]
CERT_PKIXVerifyCert for ssl.unixzen.com failed err=-8179
[6064:6091:1035523103478:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/net/base/x509_certificate_nss.cc(530)]
CERT_PKIXVerifyCert for ssl.unixzen.com failed err=-8179
[6064:6067:1035523591028:ERROR:/build/buildd/chromium-browser-4.0.221.7~svn20091006r28103/build-tree/src/net/socket/ssl_client_socket_nss.cc(728)]
handshake failed; NSS error code -8182, net_error -207
Segmentation fault
"

This issue seems hard to reproduce, I know it has happened to me several
times in the
past... and I see another post refering to the same issue:
http://forums.digitalpoint.com/showthread.php?t=1436685

I think there's a situation which breaks cherokee SSL until it's restarted.
I am
working on getting more info on how to reproduce it. I unfortunately did
not have
logging enabled last time this happened. Logging for my ssl subdomain has
been enabled.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

codesite-noreply at google

Oct 7, 2009, 6:02 AM

Post #6 of 6 (138 views)
Permalink

Issue 594 in cherokee: sec_error_bad_signature randomly starts after a client mucks up ssl [In reply to]

Comment #4 on issue 594 by ste...@konink.de: sec_error_bad_signature
randomly starts after a client mucks up ssl
http://code.google.com/p/cherokee/issues/detail?id=594

If you have a way to kill my server I can do something for you ;) But now I
cannot
crash Chromium nor I can kill Cherokee. I know we have fixed another issue
in
Cherokee related to SSL but I think that is unrelated, and actually
returned a
segmentationfault.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com