Mailing List Archive

Porting conserver to OpenSSL 1.1
Hi,

I've been trying to get conserver to work with OpenSSL 1.1, as this will
soon be the only version available in Debian Linux:
https://bugs.debian.org/851085

The attached patch fixes a few trivial compile errors caused by API
changes. With the attached patch applied, the code builds against
Debian sid's libssl-dev (1.1). However, the server rejects all
connections with a "handshake error", and a pretty generic error
message that just means something is wrong with ciphers, certificates,
or something like that. This causes all the tests to fail. The code
doesn't even reach the place the patch changes, so it's unlikely to be
the cause.

Has anyone made any further progress? Does anyone know what the problem
is?

Any help greatly appreciated.

Chris.

---

The errors are:

140691693188864:error:14094410:SSL routines:ssl3_read_bytes:sslv3
alert handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40

error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users
Re: Porting conserver to OpenSSL 1.1
Chris> I've been trying to get conserver to work with OpenSSL 1.1, as this will
Chris> soon be the only version available in Debian Linux:
Chris> https://bugs.debian.org/851085

Awesome news!

Chris> The attached patch fixes a few trivial compile errors caused by API
Chris> changes. With the attached patch applied, the code builds against
Chris> Debian sid's libssl-dev (1.1). However, the server rejects all
Chris> connections with a "handshake error", and a pretty generic error
Chris> message that just means something is wrong with ciphers, certificates,
Chris> or something like that. This causes all the tests to fail. The code
Chris> doesn't even reach the place the patch changes, so it's unlikely to be
Chris> the cause.

I wonder if the issue is that it looks like you're trying to use
sslv3, but I bet you need to change to using TLSv1 or v2 instead,
since ssl2 and ssl3 are deprecated now.

Can you post your patches? Or a link to a git repo I could pull and
glance over? But I warn you all, I'm not a strong C hacker at all...


Chris> Has anyone made any further progress? Does anyone know what the problem
Chris> is?

Chris> Any help greatly appreciated.

Chris> Chris.

Chris> ---

Chris> The errors are:

Chris> 140691693188864:error:14094410:SSL routines:ssl3_read_bytes:sslv3
Chris> alert handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40

Chris> error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher

Chris> [DELETED ATTACHMENT conserver-ssl11.patch, text/x-diff]
Re: Porting conserver to OpenSSL 1.1
On Tue, Jul 25, 2017 at 05:43:06PM -0400, John Stoffel wrote:
> I wonder if the issue is that it looks like you're trying to use
> sslv3, but I bet you need to change to using TLSv1 or v2 instead,
> since ssl2 and ssl3 are deprecated now.

This is fixed by OpenSSL itself by macros; requests for SSL2/3 are just
requests for "the latest TLS version" now:

https://github.com/openssl/openssl/blob/d445302418b41b76c15e103954b1311d98077480/include/openssl/ssl.h#L1750

I can see this in the tcpdump; the client is happily talking 1.2.



> Can you post your patches? Or a link to a git repo I could pull and
> glance over? But I warn you all, I'm not a strong C hacker at all...

I didn't realise the mailing list would strip the patch, bah! Here's a repo:

https://github.com/FauxFaux/conserver

The patch:

https://github.com/FauxFaux/conserver/commit/08be145f18fe4dda5e7cb4cd8fc65420e45348f3

You can see the problem just by running:
autoreconf -vf
./configure --with-openssl
make
make test

..

executing test #1...failed (diffs in test1.diff)

..

--
Chris.

Re: Porting conserver to OpenSSL 1.1
>>>>> "solo-conserver" == solo-conserver <solo-conserver@goeswhere.com> writes:

solo-conserver> On Tue, Jul 25, 2017 at 05:43:06PM -0400, John Stoffel wrote:
>> I wonder if the issue is that it looks like you're trying to use
>> sslv3, but I bet you need to change to using TLSv1 or v2 instead,
>> since ssl2 and ssl3 are deprecated now.

solo-conserver> This is fixed by OpenSSL itself by macros; requests for SSL2/3 are just
solo-conserver> requests for "the latest TLS version" now:

solo-conserver> https://github.com/openssl/openssl/blob/d445302418b41b76c15e103954b1311d98077480/include/openssl/ssl.h#L1750

solo-conserver> I can see this in the tcpdump; the client is happily talking 1.2.

That's good to know.


>> Can you post your patches? Or a link to a git repo I could pull and
>> glance over? But I warn you all, I'm not a strong C hacker at all...

solo-conserver> I didn't realise the mailing list would strip the patch, bah! Here's a repo:

solo-conserver> https://github.com/FauxFaux/conserver

solo-conserver> The patch:

solo-conserver> https://github.com/FauxFaux/conserver/commit/08be145f18fe4dda5e7cb4cd8fc65420e45348f3

I'm looking at this now. Got busy with other stuff past few days...


solo-conserver> You can see the problem just by running:
solo-conserver> autoreconf -vf
solo-conserver> ./configure --with-openssl
solo-conserver> make
solo-conserver> make test

Can you give more details on your environment, and the exact version of
openssl you have installed?

Also, looking at your patch, I see that you removed DH_new() call, but
never replaced it. So I wonder if that's part of the problem?

John
Re: Porting conserver to OpenSSL 1.1
And my initial poking at this on Debian Jessie x86_64 ended in
failure, since I'm not running the sid and its openssl-110 packages
anywhere yet.

Also, we will need to make sure that conserver using the new version
of openssl will be able to talk with clients/servers using the older
version of openssl as well.

From looking at the discussions, as long as we don't have CTX
structures around, we should be ok. And I suspect we will be ok.

And another thing, this patch also breaks compiles on openssl-1.0.x
systems, so that needs to be addressed down the line as well, with
some sort of switch of #ifdef to handle the transition cleanly.

John
Re: Porting conserver to OpenSSL 1.1
On Fri, Jul 28, 2017 at 12:00:55PM -0400, John Stoffel wrote:
> Can you give more details on your environment, and the exact version of
> openssl you have installed?

The packages installed are: https://paste.debian.net/978748/

Specifically:
libssl-dev/unstable,now 1.1.0f-3 amd64 [installed]

The build is being done in a Debian Sid chroot, which is how Debian
packages are typically developed. It's essentially the most minimal
environment in which you could expect things to build; minimal other
distractions, and a really good idea about exactly what has changed.
In this environment, conserver's tests pass fine with openssl 1.0.
The easiest way to simulate this on other systems is probably with
Docker, instead of trying to use pbuilder:

Start a Debian Sid container, interactively:
$ docker run -it debian:sid


And, inside, download the dependencies, the code, then try and build:

apt update && \
apt upgrade --yes && \
apt install --yes git ca-certificates debhelper build-essential && \
apt install --yes libpam0g-dev libwrap0-dev libssl-dev && \
git clone https://github.com/FauxFaux/conserver && \
cd conserver && \
autoreconf -fvi && \
./configure --with-openssl && \
make && \
make test


> Also, looking at your patch, I see that you removed DH_new() call, but
> never replaced it. So I wonder if that's part of the problem?

The DH_new() call has been moved down the method, to make the error handling
easier. But, it can't be the problem anyway: the new code is never hit; the
log statement in `TmpDHCallback` is never reached, so the new code cannot
be the problem.

Chris.

Re: Porting conserver to OpenSSL 1.1
>>>>> "Chris" == Chris <solo-conserver@goeswhere.com> writes:

Chris> On Fri, Jul 28, 2017 at 12:00:55PM -0400, John Stoffel wrote:
>> Can you give more details on your environment, and the exact version of
>> openssl you have installed?

Chris> The packages installed are: https://paste.debian.net/978748/

Chris> Specifically:
Chris> libssl-dev/unstable,now 1.1.0f-3 amd64 [installed]

Chris> The build is being done in a Debian Sid chroot, which is how Debian
Chris> packages are typically developed. It's essentially the most minimal
Chris> environment in which you could expect things to build; minimal other
Chris> distractions, and a really good idea about exactly what has changed.
Chris> In this environment, conserver's tests pass fine with openssl 1.0.
Chris> The easiest way to simulate this on other systems is probably with
Chris> Docker, instead of trying to use pbuilder:

Ok, I spent some time yesterday spinning up a Debian SID VM instead,
haven't had the chance to play with docker, etc yet. And I do the
build problem there (base 8.2.1 without your changes).

I also tried widening the allowed set of certificates in the SetupSSL()
function to "ALL:!eNULL" but that didn't make a difference. Haven't
had the time to poke deeper. I'm also more of a SysAdmin hacker, not
a developer, so my C skills are rusty. And my openssl
hacking... non-existent.

LOL. So I'll be slow in my helping here.

We probably need to break it down more to just the bare bones SSL
setup and configuration, to make sure it's working. I figure the
openssl tool might be a help here.


Chris> Start a Debian Sid container, interactively:
Chris> $ docker run -it debian:sid


Chris> And, inside, download the dependencies, the code, then try and build:

Chris> apt update && \
Chris> apt upgrade --yes && \
Chris> apt install --yes git ca-certificates debhelper build-essential && \
Chris> apt install --yes libpam0g-dev libwrap0-dev libssl-dev && \
Chris> git clone https://github.com/FauxFaux/conserver && \
Chris> cd conserver && \
Chris> autoreconf -fvi && \
Chris> ./configure --with-openssl && \
Chris> make && \
Chris> make test


>> Also, looking at your patch, I see that you removed DH_new() call, but
>> never replaced it. So I wonder if that's part of the problem?

Chris> The DH_new() call has been moved down the method, to make the error handling
Chris> easier. But, it can't be the problem anyway: the new code is never hit; the
Chris> log statement in `TmpDHCallback` is never reached, so the new code cannot
Chris> be the problem.

Chris> Chris.

Re: Porting conserver to OpenSSL 1.1
Chris,
Been spending a little time poking at this. Tried using the openssl
client to test connections, and I suspect that this points us in the
right direction to fix this. Using the latest patch you posted a week
ago, I get the following in my test, where I start the conserver
daemon using the test.cf file and the args from the dotest script:

> ../conserver/conserver -M 127.0.0.1 -p 7777 -v -C test.cf -P \
test.passwd -m 32


Then I just used the following to do a test connection:

root@sid:/home/john/conserver/test# openssl s_client -connect localhost:7777
CONNECTED(00000003)
[Tue Aug 1 16:31:01 2017] conserver (12052): ERROR: ParseIACBuf(): fd 4: unrecognized quoted-OB_IAC char
140153917515008:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1501619461
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
[Tue Aug 1 16:31:01 2017] conserver (12052): ERROR: FileRead(): fd 4: Connection reset by peer


Which doesn't tell us a ton really... maybe that I'm not doing the connection correctly. But more importantly, I think it's showing that there's a connection made using ssl3, which has problems.

It's just a thought...

John

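As an added example (not part of this thread and not conserver's code), a decoder for the three OpenSSL error lines quoted in the thread: Chris's two server-side errors in the first post and the one from John's s_client run. It unpacks the OpenSSL 1.x error code into library, function and reason, recovers the TLS alert number when the reason records an alert sent by the peer, and says which side's log to read first. The function names in those lines (ssl3_read_bytes, ssl3_get_record) are OpenSSL's internal function names, which handle every TLS version, not evidence that SSLv3 was negotiated; the reason-offset and alert-number constants are OpenSSL's and RFC 5246's own values, and the sample input is the quoted lines with their mail-client line wraps undone.

```python
import re

# Packed OpenSSL 1.0/1.1 error code (ERR_PACK): 8-bit lib | 12-bit func | 12-bit reason (OpenSSL 3 changed this).
SSL_AD_REASON_OFFSET = 1000  # reason >= 1000: the peer sent TLS alert number (reason - 1000)

# TLS alert descriptions from RFC 5246 section 7.2 (common subset).
TLS_ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 80: "internal_error"}

# Shape printed by ERR_print_errors: "[pid:]error:HEX:lib:func:reason[:file:line[:extra]]"
ERR_RE = re.compile(r"^(?:(?P<pid>\d+):)?error:(?P<code>[0-9A-Fa-f]{8}):"
                    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*)"
                    r"(?::(?P<file>[^:]*):(?P<line>\d+))?")

# The three lines quoted in the thread (two of them were wrapped by the mail client).
SAMPLE_ERRORS = [
    "140691693188864:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake "
    "failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40",
    "error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher",
    "140153917515008:error:1408F10B:SSL routines:ssl3_get_record:wrong version "
    "number:../ssl/record/ssl3_record.c:252:",
]

def parse_openssl_error(text):
    """Split one error-queue line into its fields and unpack the numeric code."""
    m = ERR_RE.match(text.strip())
    if not m:
        raise ValueError("not an OpenSSL error line: %r" % text)
    code = int(m.group("code"), 16)
    reason_code = code & 0xFFF
    alert = reason_code - SSL_AD_REASON_OFFSET if reason_code >= SSL_AD_REASON_OFFSET else None
    return {"lib_code": code >> 24, "func_code": (code >> 12) & 0xFFF,
            "reason_code": reason_code, "lib": m.group("lib"), "func": m.group("func"),
            "reason": m.group("reason"), "file": m.group("file"),
            "line": int(m.group("line")) if m.group("line") else None,
            "tls_alert": alert,
            "tls_alert_name": None if alert is None else TLS_ALERTS.get(alert, "unknown")}

def diagnose(entry):
    """Which side to look at first, for the reasons that appear in this thread."""
    if entry["tls_alert"] is not None:
        return ("peer sent TLS alert %d (%s): the rejection happened on the other side, "
                "so its log holds the real reason" % (entry["tls_alert"], entry["tls_alert_name"]))
    if entry["reason"] == "no shared cipher":
        return ("server found no cipher usable with its cipher list, the key type of its "
                "loaded certificate and its DH/ECDH parameters")
    if entry["reason"] == "wrong version number":
        return ("record layer received bytes that are not a TLS record: one side is still "
                "speaking its plaintext protocol while the other has started TLS")
    return "unclassified reason: " + entry["reason"]
```

Read together, the first two lines describe one failed handshake from both ends: the client saw alert 40 because the server had already given up with "no shared cipher".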