| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
68549
|
Sat Jan 14 08:27:42 2017 |
 | Andreas Warburton | awarburt@physics.mcgill.ca | Bug report | Linux | V3.1.2 | Re: elogd crashes during SSL Mirror operations involving attachments | For the time being, I am deeming ELOG 3.1.2 unusable with https (SSL = 1) functionality on my "Debian GNU/Linux 7 (wheezy)" server with "OpenSSL 1.0.1t", due to the described apparent issues with SSL. Reverting to http (SSL = 0) brings back my ability to upload attachments and synchronize with a remote elogd running on a MacOS laptop.
Interestingly, my records indicate that I suffered a problem with very similar symptoms back in 2011, with version 2.8.0. The problem at that time, which is acknowledged in the Changelog as "Fixed bug with SSL connection shutdown", got fixed in version 2.9.0. Perhaps, when the "Replaced insecure SSLv23 with TLSv1 method" change was implemented for version 3.0.0, a similar issue was (re-)introduced?
It would of course be best if this issue were resolvable soon, due to the security vulnerabilities of http versus https. Thank you in advance for any efforts!
Best regards,
Andreas Warburton
| Andreas Warburton wrote: |
|
When I switch from SSL = 1 to SSL = 0 and I use http:// instead of https://, the ability to upload attachments to logbook entries returns. With both Chrome and Safari browsers, with SSL = 1 the file upload hangs after only a small percentage of the file has been uploaded. I ran the following openssl diagnostic on my elogd port. Would anyone have advice on what might be causing such errors?
tapajo [/usr/local/elog/elog-latest] openssl s_client -connect elog.hep.xxx.xx:80xx -state -nbio | grep "^SSL"
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:unknown state
depth=0 C = EU, ST = SomeState, L = SomeCity, O = SomeOranization, OU = SomeOrganizationUnit, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = EU, ST = SomeState, L = SomeCity, O = SomeOranization, OU = SomeOrganizationUnit, CN = localhost
verify return:1
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:error in unknown state
SSL_connect:error in unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL handshake has read 1733 bytes and written 871 bytes
SSL-Session:
SSL3 alert read:warning:close notify
SSL3 alert write:warning:close notify
| Andreas Warburton wrote: |
|
The attached screenshot shows the behaviour after doing a synchronization (with Mirror simulate = 1) following first having ensured that the local (Mac) and remote (linux) ELOGs initially showed "All entries identical" when doing a simulated synchronization, and then having edited local entries 9707 and 9709 by uploading (different) attachments to them.
The fact that the synchronization is suggesting to renumber two different entry IDs to the same number looks like a bug.
Best regards,
Andreas W.
| Andreas Warburton wrote: |
|
My MacOS (10.12.2) elogd version V3.1.2 is a recent git commit (edc5e85), due to the fix to my earlier-described issue solved in the thread here: https://midas.psi.ch/elogs/Forum/68519.
I am trying to (re-)set up Mirror functionality with a linux server running the standard public (V3.1.2-bd75964). I had initially updated the linux server so that it also had the latest git commit (edc5e85), but could then not even add new logbook entries that involved attachments to it. I therefore rolled the linux server back to the standard public 3.1.2 version.
On the remote Mac, synchronizations usually look like they are going to work fine, with Mirror simulate = 1 switched on. After I set Mirror simulate = 0, and if the server and remote logbook are already identical, I *occasionally* get the proper "All Entries Identical" synchronization result. Unfortunately, this is very rare, and usually there is a failure whereby the remote (Mac) logbook decides that a significant fraction of its entries (usually sequential, from some seemingly random entry all the way up to the last entry) are missing on the linux server and need to be submitted back to the server from the remote Mac.
When the local and remote logbooks are not identical, and a record in need of synchronization contains an attachment, there is again destructive behaviour similar to that described above, except that the Mac elogd executable usually crashes. (As in the case of the already-identical synchronizations described above, I only tested this after observing the correct expected behaviour first with Mirror simulate = 1.)
I'd be grateful for some help/suggestions. My current testing suggests that my problems are likely not elog-content dependent. (The logbook now undergoing synching has less than 10 entries in it.)
More generally, the issue of having things behave fine with Mirror simulate = 1, but then experiencing corruption/damage when switching to Mirror simulate = 0 seems serious to me.
Many thanks, Andreas
|
|
|
|
|
68552
|
Thu Jan 19 12:56:51 2017 |
| Andreas Warburton | awarburt@physics.mcgill.ca | Bug report | Linux | V3.1.2 | Re: elogd crashes during SSL Mirror operations involving attachments | Further to my comment in https://midas.psi.ch/elogs/Forum/68549, if the described synchronization requires attachment(s) to be transferred from my Mac laptop to the Debian linux server (with SSL = 0 set), it fails in all the tests that I tried.
To check whether these problems are linked to the OpenSSL version on the linux server, we also tried building an elogd executable using 1.0.2j instead of 1.0.1t. This did not appear to change/improve the behaviour.
I'd like to keep using ELOG into the foreseeable future. Don't hesitate to contact me if you'd like me to beta test any upcoming releases. I'd appreciate having the earlier mirroring and attachment-handling functionality back again.
Best regards,
Andreas W.
| Andreas Warburton wrote: |
|
For the time being, I am deeming ELOG 3.1.2 unusable with https (SSL = 1) functionality on my "Debian GNU/Linux 7 (wheezy)" server with "OpenSSL 1.0.1t", due to the described apparent issues with SSL. Reverting to http (SSL = 0) brings back my ability to upload attachments and synchronize with a remote elogd running on a MacOS laptop.
Interestingly, my records indicate that I suffered a problem with very similar symptoms back in 2011, with version 2.8.0. The problem at that time, which is acknowledged in the Changelog as "Fixed bug with SSL connection shutdown", got fixed in version 2.9.0. Perhaps, when the "Replaced insecure SSLv23 with TLSv1 method" change was implemented for version 3.0.0, a similar issue was (re-)introduced?
It would of course be best if this issue were resolvable soon, due to the security vulnerabilities of http versus https. Thank you in advance for any efforts!
Best regards,
Andreas Warburton
| Andreas Warburton wrote: |
|
When I switch from SSL = 1 to SSL = 0 and I use http:// instead of https://, the ability to upload attachments to logbook entries returns. With both Chrome and Safari browsers, with SSL = 1 the file upload hangs after only a small percentage of the file has been uploaded. I ran the following openssl diagnostic on my elogd port. Would anyone have advice on what might be causing such errors?
tapajo [/usr/local/elog/elog-latest] openssl s_client -connect elog.hep.xxx.xx:80xx -state -nbio | grep "^SSL"
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:unknown state
depth=0 C = EU, ST = SomeState, L = SomeCity, O = SomeOranization, OU = SomeOrganizationUnit, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = EU, ST = SomeState, L = SomeCity, O = SomeOranization, OU = SomeOrganizationUnit, CN = localhost
verify return:1
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL_connect:error in unknown state
SSL_connect:error in unknown state
SSL_connect:unknown state
SSL_connect:unknown state
SSL handshake has read 1733 bytes and written 871 bytes
SSL-Session:
SSL3 alert read:warning:close notify
SSL3 alert write:warning:close notify
| Andreas Warburton wrote: |
|
The attached screenshot shows the behaviour after doing a synchronization (with Mirror simulate = 1) following first having ensured that the local (Mac) and remote (linux) ELOGs initially showed "All entries identical" when doing a simulated synchronization, and then having edited local entries 9707 and 9709 by uploading (different) attachments to them.
The fact that the synchronization is suggesting to renumber two different entry IDs to the same number looks like a bug.
Best regards,
Andreas W.
| Andreas Warburton wrote: |
|
My MacOS (10.12.2) elogd version V3.1.2 is a recent git commit (edc5e85), due to the fix to my earlier-described issue solved in the thread here: https://midas.psi.ch/elogs/Forum/68519.
I am trying to (re-)set up Mirror functionality with a linux server running the standard public (V3.1.2-bd75964). I had initially updated the linux server so that it also had the latest git commit (edc5e85), but could then not even add new logbook entries that involved attachments to it. I therefore rolled the linux server back to the standard public 3.1.2 version.
On the remote Mac, synchronizations usually look like they are going to work fine, with Mirror simulate = 1 switched on. After I set Mirror simulate = 0, and if the server and remote logbook are already identical, I *occasionally* get the proper "All Entries Identical" synchronization result. Unfortunately, this is very rare, and usually there is a failure whereby the remote (Mac) logbook decides that a significant fraction of its entries (usually sequential, from some seemingly random entry all the way up to the last entry) are missing on the linux server and need to be submitted back to the server from the remote Mac.
When the local and remote logbooks are not identical, and a record in need of synchronization contains an attachment, there is again destructive behaviour similar to that described above, except that the Mac elogd executable usually crashes. (As in the case of the already-identical synchronizations described above, I only tested this after observing the correct expected behaviour first with Mirror simulate = 1.)
I'd be grateful for some help/suggestions. My current testing suggests that my problems are likely not elog-content dependent. (The logbook now undergoing synching has less than 10 entries in it.)
More generally, the issue of having things behave fine with Mirror simulate = 1, but then experiencing corruption/damage when switching to Mirror simulate = 0 seems serious to me.
Many thanks, Andreas
|
|
|
|
|
|
68553
|
Sat Jan 28 22:23:46 2017 |
 | Lee Burnside | lee.burnside@ttu.edu | Bug report | Linux | 3.1.2 | Elog crashing at random intervals | We're running Elog 3.1.2 om SL 7.2 and keep getting random crashes, sometimes when no one is accessing a logbook. The following is from /var/log/messages with debugging turned on after the latest crash.
Jan 28 12:43:56 archer elogd[9629]: POST /PHYS3305Spring2017/ HTTP/1.1
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "ajs_anonymous_id"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "ajs_user_id"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "ajs_group_id"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "__utma"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "__utmz"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "elc"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "_ga"
Jan 28 12:43:56 archer kernel: elogd[9629]: segfault at 0 ip 000000000042237e sp 00007ffe50fcfdc0 error 4 in elogd[400000+8b000]
Jan 28 12:43:56 archer systemd: elogd.service: main process exited, code=killed, status=11/SEGV
Jan 28 12:43:56 archer systemd: Unit elogd.service entered failed state.
Jan 28 12:43:56 archer systemd: elogd.service failed.
Nothing odd in the logbooks, no real activity happening at the time of any crash. Crashes after any amount of time from 1 hour to 24 hours, with littleAny clues?
|
|
68554
|
Mon Jan 30 12:03:36 2017 |
 | Lee Burnside | lee.burnside@ttu.edu | Bug report | Linux | 3.1.2 | Re: Elog crashing at random intervals | Never mind, version from github solved issue.
Lee
| Lee Burnside wrote: |
|
We're running Elog 3.1.2 om SL 7.2 and keep getting random crashes, sometimes when no one is accessing a logbook. The following is from /var/log/messages with debugging turned on after the latest crash.
Jan 28 12:43:56 archer elogd[9629]: POST /PHYS3305Spring2017/ HTTP/1.1
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "ajs_anonymous_id"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "ajs_user_id"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "ajs_group_id"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "__utma"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "__utmz"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "elc"
Jan 28 12:43:56 archer elogd[9629]: Received unknown cookie "_ga"
Jan 28 12:43:56 archer kernel: elogd[9629]: segfault at 0 ip 000000000042237e sp 00007ffe50fcfdc0 error 4 in elogd[400000+8b000]
Jan 28 12:43:56 archer systemd: elogd.service: main process exited, code=killed, status=11/SEGV
Jan 28 12:43:56 archer systemd: Unit elogd.service entered failed state.
Jan 28 12:43:56 archer systemd: elogd.service failed.
Nothing odd in the logbooks, no real activity happening at the time of any crash. Crashes after any amount of time from 1 hour to 24 hours, with littleAny clues?
|
|
|
68576
|
Wed Feb 8 16:38:15 2017 |
 | fbretel | nothx@hello.com | Bug report | Linux | 3.1.1 | Possible misuse of email headers Message-Id and In-Reply-To | Hi,
As mentionned before, we happen to fail to receive email messages related to updates on elog entries at our site. My understanding is that the SMTP header Message-Id MUST be unique for each email message. Whereas all elogd email messages get something like <logbook>-<entryId>@<domain>. See source code. For this header to become unique, there should be a random part in it.
Having the same Message-Id in multiple email messages results in only the first one being delivered on some email systems.
Moreover, elogd sets the In-Reply-To: header in the same manner (<logbook>-<entryId>@<domain>). Which is incorrect because this header relates to email messages, not elog entries, and should contain the email Message-Id of the email message to which it replies, itself handled by the email messaing system. But elogd hasn't received any email messsage in the first place. So I believe this header should simply be dropped.
I think I can provide a pull request on bitbucket for the Message-Id issue, and probably also for the In-Reply-To: if you decide it can be removed.
Cheers |
|
68577
|
Wed Feb 8 18:16:30 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.1 | Re: Possible misuse of email headers Message-Id and In-Reply-To | A pull request would be highy appreciated, because you can then test it thoroughly on your side. Adding a random number to the message id is simple. "Reply-to" indeed does not make sense since elog cannot receive emails. Most sites use a generic "noreply@<domain>" to indicate to the user that a reply does not make sense. I guess the "Reply-to" does not have to be unique, right?
| fbretel wrote: |
|
Hi,
As mentionned before, we happen to fail to receive email messages related to updates on elog entries at our site. My understanding is that the SMTP header Message-Id MUST be unique for each email message. Whereas all elogd email messages get something like <logbook>-<entryId>@<domain>. See source code. For this header to become unique, there should be a random part in it.
Having the same Message-Id in multiple email messages results in only the first one being delivered on some email systems.
Moreover, elogd sets the In-Reply-To: header in the same manner (<logbook>-<entryId>@<domain>). Which is incorrect because this header relates to email messages, not elog entries, and should contain the email Message-Id of the email message to which it replies, itself handled by the email messaing system. But elogd hasn't received any email messsage in the first place. So I believe this header should simply be dropped.
I think I can provide a pull request on bitbucket for the Message-Id issue, and probably also for the In-Reply-To: if you decide it can be removed.
Cheers
|
|
|
68578
|
Wed Mar 15 16:04:13 2017 |
| fbretel | nothx@hello.com | Bug report | Linux | 3.1.1 | Re: Possible misuse of email headers Message-Id and In-Reply-To | Pull-request posted. Cheers. |
|
68579
|
Wed Mar 15 16:42:35 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.1 | Re: Possible misuse of email headers Message-Id and In-Reply-To | Pull-request merged.
|
|