Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to create SSL context #959

Closed
keshavakarthik opened this issue Jan 9, 2017 · 9 comments
Closed

Unable to create SSL context #959

keshavakarthik opened this issue Jan 9, 2017 · 9 comments
Assignees
Labels
Milestone

Comments

@keshavakarthik
Copy link

With Kitura (.Package(url: "https://github.com/IBM-Swift/Kitura", majorVersion: 1, minor: 4)) adding SSL Support ( Self-Signed ) giving the error
"Error accepting client connection: Error code: 12, ERROR: Unable to create SSL context."

Whereas the same code is working fine with Kitura Version (Package(url: "https://github.com/IBM-Swift/Kitura.git", majorVersion: 1, minor: 0))

@na-gupta
Copy link
Contributor

na-gupta commented Jan 9, 2017

@gtaban @shmuelk
It looks like this problem was originally introduced with Kitura/Kitura-net#155 in this commit between Kitura-net 1.3.0 and 1.3.1

On that commit, the problem goes away with commenting out this line that was added in that commit. However, commenting out that same line on master does not fix the issue. So it looks like some other changes since then makes the problem reappear.

Further investigation is needed to find out how this should be properly fixed.

@na-gupta na-gupta added the bug label Jan 9, 2017
@na-gupta na-gupta added this to the 1.4.1 milestone Jan 9, 2017
@shmuelk
Copy link
Collaborator

shmuelk commented Jan 10, 2017

@navneet thanks for the research work.

@billabt I did an additional test here, after you pointed out to me that SSL on Kitura 1.2 works and fails on later versions. I commented out line 1305 in Socket.swift (self.delegate?.deinitialize() ). This is in the function deinit of Socket.swift. After commenting out that line of code SSL works.

I believe the problem is in the deinitialization of SLLService instances somehow, or somehow they are being shared across Socket instances.

billabt pushed a commit to Kitura/BlueSSLService that referenced this issue Jan 10, 2017
…Delegate method BEFORE closing the Socket as part of the close() method, not the deinit(). In SSLService, commented out the cleanup of OpenSSL error strings and EVP due to issues discovered in the latest OpenSSL version.
billabt pushed a commit to Kitura/BlueSocket that referenced this issue Jan 10, 2017
…Delegate method BEFORE closing the Socket as part of the close() method, not the deinit(). In SSLService, commented out the cleanup of OpenSSL error strings and EVP due to issues discovered in the latest OpenSSL version.
@billabt
Copy link

billabt commented Jan 10, 2017

Fixed in BlueSocket v0.12.18 and BlueSSLService v0.12.12.

@na-gupta
Copy link
Contributor

@billabt Thanks. That fixes the problem for the most part. But in some new unit tests I added in branch 962, there is a new failure:

xctest(6295,0x70000666b000) malloc: *** error for object 0x7fb5c9653af0: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

It seems to occur in this line: let status: OSStatus = SSLWrite(sslContext, buffer, bufSize, &processed) in SSLService. Could you take a look to see if there's something wrong with the test or some other lingering problem?

@billabt
Copy link

billabt commented Jan 11, 2017

Did you set a breakpoint in malloc_error_break? If not, can you try the test again with that breakpoint set and then post the stack trace?

@billabt
Copy link

billabt commented Jan 11, 2017

There's actually no freeing of buffers taking place anywhere in this section of code. It's possible that it's happening inside SSLWrite itself or just prior to it... The stack trace should give us a clue.

@shmuelk shmuelk modified the milestones: 1.5.1, 1.5.0 Jan 11, 2017
@na-gupta
Copy link
Contributor

@billabt Here is the stack trace:
screen shot 2017-01-11 at 10 59 37 am

@na-gupta
Copy link
Contributor

@billabt Turns out this was caused by a bug in Kitura where it was calling Socket.write() after calling Socket.close() in some circumstances. I will put in a fix for Kitura. It may be worthwhile to put in a check for this in Socket and/or SSLService as well.

@na-gupta
Copy link
Contributor

@keshavakarthik Please try again with the fixes in Kitura 1.6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants