-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"u.peer.connection.ssl is nil" after a successful sslhandshake on ARMv7 #16
Comments
It works fine when using the auxiliary module (which is an acceptable workaround), but without it the bug is present. |
Hi, which version of openresty/nginx version are you using?
--
Regards
fffonion (B607 2745 84E8 D5E5 <https://yooooo.us/gpg.txt>)
|
I'm using openresty source code tarball 1.19.3.1 compiled on an ARMv7 armel platform (not ARM64). |
@Evengard I see, that's probably the reason, the FFI magic to get u.peer.connection.ssl is hacky and based on offset calculated by given struct, so it might get wrong in different arch. Right now we don't have arm based CI running, so I would strongly suggest to use the aux C module (actually even so if you are using x86/x64). I will try to test it on my raspeberry pi just to see what goes wrong. |
That's actually my current solution I'm using which works fine. |
@Evengard This is now fixed and will be included in next release. Turns out Nginx always sets _FILE_OFFSET_BITS to 64 |
Wow, that's one tricky bug... Thank you for the fix! |
READ of size 4 at 0x60300004fba8 thread T0 #0 0x7ffff6d96fb4 in BN_get_word crypto/bn/bn_lib.c:411 fffonion#1 0x555555ca9d98 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x755d98) fffonion#2 0x555555d7149f in lj_ccall_func /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lj_ccall.c:1402 fffonion#3 0x555555ca35b7 in lj_cf_ffi_meta___call /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lib_ffi.c:230 fffonion#4 0x555555ca7773 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x753773) fffonion#5 0x55555599e140 in ngx_http_lua_run_thread ../ngx_lua-0.10.26.8/src/ngx_http_lua_util.c:1190 fffonion#6 0x5555559a9d21 in ngx_http_lua_content_by_chunk ../ngx_lua-0.10.26.8/src/ngx_http_lua_contentby.c:124 fffonion#7 0x55555575d41d in ngx_http_core_content_phase src/http/ngx_http_core_module.c:1269 fffonion#8 0x555555748024 in ngx_http_core_run_phases src/http/ngx_http_core_module.c:885 fffonion#9 0x55555577348d in ngx_http_process_request src/http/ngx_http_request.c:2130 fffonion#10 0x5555557749a6 in ngx_http_process_request_headers src/http/ngx_http_request.c:1529 fffonion#11 0x5555557758c4 in ngx_http_process_request_line src/http/ngx_http_request.c:1196 fffonion#12 0x55555570fb1c in ngx_epoll_process_events src/event/modules/ngx_epoll_module.c:968 fffonion#13 0x5555556e5706 in ngx_process_events_and_timers src/event/ngx_event.c:262 fffonion#14 0x55555570b323 in ngx_single_process_cycle src/os/unix/ngx_process_cycle.c:338 fffonion#15 0x555555660ef4 in main src/core/nginx.c:403 fffonion#16 0x7ffff683feaf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 fffonion#17 0x7ffff683ff5f in __libc_start_main_impl ../csu/libc-start.c:389 fffonion#18 0x5555556648f4 in _start (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x1108f4) 0x60300004fba8 is located 8 bytes inside of 24-byte region [0x60300004fba0,0x60300004fbb8) freed by thread T0 here: #0 0x7ffff74b46b7 in free (/lib64/libasan.so.6+0xb46b7) fffonion#1 0x7ffff6ea66e7 in CRYPTO_free crypto/mem.c:312 fffonion#2 0x7ffff6d9810e in BN_free crypto/bn/bn_lib.c:231 fffonion#3 0x555555ca9d98 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x755d98) fffonion#4 0x555555d7149f in lj_ccall_func /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lj_ccall.c:1402 fffonion#5 0x555555ca35b7 in lj_cf_ffi_meta___call /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lib_ffi.c:230 fffonion#6 0x555555ca7773 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x753773) previously allocated by thread T0 here: #0 0x7ffff74b4a07 in __interceptor_malloc (/lib64/libasan.so.6+0xb4a07) fffonion#1 0x7ffff6ea66bc in CRYPTO_malloc crypto/mem.c:222 fffonion#2 0x7ffff6ea6807 in CRYPTO_zalloc crypto/mem.c:230 fffonion#3 0x7ffff6d96c15 in BN_new crypto/bn/bn_lib.c:246 fffonion#4 0x555555ca9d98 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x755d98) fffonion#5 0x555555d7149f in lj_ccall_func /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lj_ccall.c:1402 fffonion#6 0x555555ca35b7 in lj_cf_ffi_meta___call /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lib_ffi.c:230 fffonion#7 0x555555ca7773 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x753773)
Hello!
I am trying to get the server certificate from a tcp socket.
I do (roughly):
And at the last stage I am getting "u.peer.connection.ssl is nil" and sslsess is actually nil. I've checked all the other errors - and there are no errors before the "from_socket" call. What am I doing wrong?
The text was updated successfully, but these errors were encountered: