Coroutine postponement

My problem seems to be related to the fact that openssl does not have a continuation style for callbacks such as server name (SNI), but I'm trying to insert it into it.

I want to avoid blocking the workflow while reading the client's SSL greeting, and to avoid blocking the workflow while I hold off returning from the SNI callback, waiting for the SSL server session to end (so that I can re-sign the server certificate).

It is an asio-based re-signing SSL proxy using the boost::asio::ssl::stream wrapper for openssl.

I use the SSL_CTX_set_tlsext_servername_* helpers to get a callback during SSL negotiation with a client.

For now, I'm using a coroutine and a handshake inside the lambda from boost::asio::spawn on a strand. I am using a server name callback (suitably wrapped) so that I can hold up the client handshake while handshaking with the server, but without blocking the workflow (the coroutine will be paused).

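boost::asio::spawn(strand_, [=](boost::asio::yield_context yield){
  boost::system::error_code ec;         // result of the client-side (server role) handshake
  boost::system::error_code ec_server;  // result of the upstream (client role) handshake

  // ec_server is captured by reference so the result set inside the callback
  // is visible to the check after the client handshake.
  sni_callback = [=,&ec_server](std::string server_name) {
    // Suspends the coroutine until the handshake with the upstream server completes.
    server_->ssl_connection->ssl_socket.async_handshake(boost::asio::ssl::stream_base::client, yield[ec_server]);
    /* Todo: sign the server certificate and replace the ssl_socket SSL_CTX here */
  };

  // Synchronous handshake with the client; the SNI callback fires from inside this call.
  ssl_connection->ssl_socket.handshake(boost::asio::ssl::stream_base::server, ec);

  if (! ec) ec = ec_server;

  handler(ec);
});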

But I understand that the SSL handshake with the client is blocking the worker thread using it.

I tried the async handshake with the client:

  ssl_connection->ssl_socket.async_handshake(boost::asio::ssl::stream_base::server, yield[ec]);

but the program segfaults on exit during the SNI handler wrapper.

, , SNI - , ( ), - coroutine, , .

( libstd++ ..) stacktrace:

#0  0x000000000000000c in ?? ()
#1  0x00007f8200000000 in ?? ()
#2  0x00007f829e15043d in CRYPTO_free (str=0x7f828c054640) at mem.c:401
#3  0x00007f829e1faba5 in ASN1_primitive_free (pval=<optimized out>, it=<optimized out>) at tasn_fre.c:261
#4  0x00007f828c052250 in ?? ()
#5  0x0000000000000005 in ?? ()
#6  0x00007f828c0524f0 in ?? ()
#7  0x0000000000000005 in ?? ()
#8  0x00007f829d30c560 in ?? ()
#9  0x00007f829d30c710 in ?? ()
#10 0x000000000000000c in ?? ()
#11 0x00007f828c0180b4 in ?? ()
#12 0x00007f829e15043d in CRYPTO_free (str=0x7f828c052250) at mem.c:401
#13 0x00007f829e1eb2cf in EVP_PKEY_CTX_free (ctx=<optimized out>) at pmeth_lib.c:381
#14 0x00007f829e1de1e2 in EVP_MD_CTX_cleanup (ctx=0x7f829d30c590) at digest.c:394
#15 0x00007f829e5041c1 in tls1_PRF (digest_mask=262400, seed1=0x7f829e5213fb, seed1_len=15, seed2=0x7f829d30c720, seed2_len=-1639094656, seed3=0x0,
    seed3_len=-1657747584, seed4=0x23635fe, seed4_len=-1657747600, sec=0x7f82a0035df0 "\321\365M\236\202\177", slen=<optimized out>, out1=0x7f82a0035178 "d\356@",
    out2=0x7f82a0038508 "", olen=4247053, seed5_len=0, seed5=0x0) at t1_enc.c:272
#16 0x00007f829e4dbb18 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
#17 0x00007f829d30c780 in ?? ()
#18 0x00000000023635fe in ?? ()
#19 0x00007f829d30c770 in ?? ()
#20 0x00007f82a0035df0 in ?? ()
#21 0x0000000000000000 in ?? ()


SNI , , ssl:: stream . ?

, boost:: ssl , coroutine, , , asio_handler_invoke , . asio_handler_invoke ( -y) .

asio_invoke_handler ?

+4

Source: https://habr.com/ru/post/1612796/

