ocserv 0.9.0.1 not doing TLS handshake

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jan 29 15:47:33 PST 2015


On Tue, 2015-01-27 at 21:17 +0800, Lemon Lam wrote:
> On 2015/1/27 at 09:10 PM, Nikos Mavrogiannopoulos wrote:
> > On Tue, Jan 27, 2015 at 10:39 AM, Lemon Lam <alemonmk at gmail.com> wrote:
> >> On 2015/1/27 at 05:10 PM, Nikos Mavrogiannopoulos wrote:
> >>> On Tue, Jan 27, 2015 at 10:01 AM, Lemon Lam <alemonmk at gmail.com> wrote:
> >>>>> Do you use linux-namespaces or seccomp? If yes try disabling it.
> >>>>> Otherwise please provide more information about your build.
> >>>> I can confirm that disabling seccomp does get rid of the problem.
> >>> Then, could you provide more information about your kernel version,
> >>> the cpu architecture, and the output of "strace -f" of ocserv?
> >> Kernel is Linode's customised 3.18.1-x86_64, but the OS is i386.
> >> strace output is attached.
> > 
> > As far as I understand the seccomp filter does prevent select() from
> > being executed. Do you have the latest libseccomp in that platform?
> Yes, libseccomp2 from the Debian repo is 2.1.1, the same as the one on
> sourceforge; aptitude tells me that it's up to date too.

Thanks to Paul Moore, the issue is found. In x86, glibc calls
_newselect() instead of the select() system call. That was not shown by
strace for some reason. I've committed a fix in master which should
allow enabling seccomp in x86.

http://git.infradead.org/ocserv.git/commitdiff/639514d1e10c0781eb43f6ca092b3099f53a2e37

regards,
Nikos
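
The failure described in this message, as an added example (not ocserv's code and not the linked commit): a seccomp allowlist written as raw classic BPF that lists both `select` and `_newselect` wherever the target ABI defines them. The names `allowed_nrs`, `build_filter` and `filter_verdict` are hypothetical, and the allowlist itself is constructed.

```c
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* Constructed allowlist for a worker that waits on descriptors with select().
 * Both syscalls that can sit behind that wrapper are listed under #ifdef. */
static const long allowed_nrs[] = {
    __NR_read, __NR_write, __NR_close, __NR_exit_group,
#ifdef __NR_select
    __NR_select,
#endif
#ifdef __NR__newselect   /* the call the message reports glibc making on x86 */
    __NR__newselect,
#endif
};
#define N_ALLOWED (sizeof(allowed_nrs) / sizeof(allowed_nrs[0]))

/* Fill prog[] with a filter: load the syscall number, ALLOW on a match, else
 * fail with EPERM. A production filter also checks seccomp_data.arch first. */
size_t build_filter(struct sock_filter *prog, size_t cap)
{
    size_t n = 0;
    if (cap < 2 * N_ALLOWED + 2) return 0;
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N_ALLOWED; i++) {
        /* match: fall through to ALLOW; no match: skip over it */
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                 (unsigned)allowed_nrs[i], 0, 1);
        prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                             SECCOMP_RET_ERRNO | 1 /* EPERM */);
    return n;
}

/* Evaluate the filter for one syscall number without installing it. */
unsigned filter_verdict(const struct sock_filter *p, size_t n, long nr)
{
    unsigned acc = (unsigned)nr;           /* value the load at p[0] yields */
    for (size_t pc = 1; pc < n; pc++) {
        if (p[pc].code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == p[pc].k) ? p[pc].jt : p[pc].jf;
        else
            return p[pc].k;                /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;
}
```

Compiled as a 32-bit x86 binary, the allowlist contains both `select` and `_newselect`; compiled for x86_64, only `select` is defined, which is why a filter tested on one ABI can still block the other.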





More information about the openconnect-devel mailing list