On 05/11/2015 10:59 AM, Stuart Henderson wrote:
On 2015-05-11, C.L. Martinez <carlopm...@gmail.com> wrote:
On 05/11/2015 09:00 AM, Philip Guenther wrote:
On Mon, May 11, 2015 at 1:13 AM, C.L. Martinez <carlopm...@gmail.com> wrote:
On 05/06/2015 11:15 AM, C.L. Martinez wrote:
I have a strange problem with sslsplit (installed from packages) in a
OpenBSD 5.7 amd64 host. Every 30 minutes (more or less. It is not
exactly), sslsplit needs to be restarted:
...
I have contacted with the developer last week and told me that this is not
a bug in sslsplit, points to OpenBSD.
Did the developer point to something specific, or just say that this
problem isn't being seen on other OS?
Please, any advice, help or tip??
Looking at the packaging bits, it appears the sslsplit program changes
uid after starting. This means that if it's coredumping, you can
easily capture the core files by following the example at the bottom
of the sysctl(1) manpage, doing something like the following as root:
mkdir /var/crash/sslsplit
chmod 700 /var/crash/sslsplit
sysctl kern.nosuidcoredump=3
I suggest you *first* compile it yourself, with debugging information.
You'll need to unpack the ports source for the version of OpenBSD
you're running, then
cd /usr/ports/security/sslsplit
make CFLAGS=-ggdb reinstall
Then do the mkdir/chmod/sysctl steps above so that any core files are
left in /var/crash/sslsplit/, then run it and see if the restarts are
leaving behind core files there. If they are, then include the gdb
backtrace in your report here.
Philip Guenther
Here is her answer:
Hi C.L.,
This is very likely not a bug in sslsplit itself. I cannot
support the OpenBSD packages or OpenBSD monit functionality. You
will have to use whatever mechanism OpenBSD provides to support
their system and packages. I am not familiar with what or how
that would be.
Daniel
Ok, I will try these recommendations Phillip. Many thanks.
Additionally to Philip's advice, the package does not include an rc.d
script so you have written your own. Please also include a copy of this
script and the command line flags you're using.
Can you replicate the problem if you run sslsplit in the foreground
or better still in debug mode (-D)? (Did the upstream developer ask you
to do this? If not, I am *very* surprised). Ideally run it from gdb
in debug mode (obviously replace the "set args" line with whatever
you normally use, plus -D):
# gdb `which sslsplit`
set args -c /path/to/cert.pem -D https 127.0.0.1 8585 ipfw
run
If/when it crashes, "backtrace full" and "thread apply all backtrace",
along with the recent debug output might be useful.
Many thanks Stuart. I will try it as soon as possible.
