Re: NSS 3.12.5 'libssl3:SSL_OptionGet' not returning?

Fri, 22 Apr 2011 10:52:07 -0700 

On Mon, Apr 11, 2011 at 1:45 AM, Bernhard Thalmayr
<bernhard.thalm...@painstakingminds.com> wrote:
> Hi experts,
>
> I'm experiencing an interesting issue.
>
> OpenAM url-policy agent, which is using NSS/NSPR, 'hangs' when trying to
> establish a connection to an SSL-enabled server.
>
> OS: Solaris10
> Machine: Sun Fire T2000 (CMT)
> NSS: 3.12.5
> NSPR: 4.8.2
>
>
> Trussing the process shows the following ...
>
> "3226/1:                97.4203 getpeername(20, 0xFFBFE140, 0xFFBFE0DC,
> SOV_DEFAULT) Err#134 ENOTCONN
> 3226/1@1:       97.4217 <- libssl3:SSL_ImportFD() = 0x3a0a98
> 3226/1@1:       97.4223 -> libssl3:SSL_OptionGet(0x3a0a98, 0x1, 0xffbfe217,
> 0xfed6f270)
> 3226/1@1:       97.4430   -> libnspr4:PR_GetIdentitiesLayer(0x3a0a98, 0x1,
> 0x42daa8, 0xfecdca21)
> 3226/1@1:       97.4646   <- libnspr4:PR_GetIdentitiesLayer() = 0x3a0a98
> 3226/1@1:       97.4652   -> libnspr4:PR_EnterMonitor(0x4328f0, 0x1,
> 0x3a0a98, 0x1)
> 3226/1@1:       97.4863   <- libnspr4:PR_EnterMonitor() = 0x4328f0
> 3226/1@1:       97.4869   -> libnspr4:PR_EnterMonitor(0x432968, 0x1,
> 0x4328f8, 0x1)
> 3226/1@1:       97.5079   <- libnspr4:PR_EnterMonitor() = 0x432968
> 3226/1@1:       97.5085   -> libnspr4:PR_ExitMonitor(0x432968, 0x1,
> 0x432970, 0x1)
> 3226/1@1:       97.5308   <- libnspr4:PR_ExitMonitor() = 0
> 3226/1@1:       97.5315   -> libnspr4:PR_ExitMonitor(0x4328f0, 0x1,
> 0x432970, 0x1)
> 3226/1@1:       97.5529   <- libnspr4:PR_ExitMonitor() = 0"
>
> The truss ends with this ... no further info.

It's bad that the getpeername() call failed with ENOTCONN.
NSS calls getpeername() to determine if the TCP socket
is connected:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslsock.c&rev=1.70&mark=1232,1265#1230

You should find out why OpenAM url-policy agent is
calling SSL_ImportFD on a TCP socket that's not
connected.

> Could you pleas advice me how to track down this issue?

Build NSS/NSPR and OpenAM url-policy agent with debug
symbols, and attach dbx to the process to get the stack
traces of all the threads?

Wan-Teh
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to