Re: tlsproxy: TLS handshake failed for service=smtp

[Tomas Habarta]

On Mon, Mar 29, 2021 at 01:22:38PM -0400, Wietse Venema wrote:
> Tomas Habarta:
> > Hello,
> > 
> > I would like to ask about the following encountered during selinux testing:
> > * currently running 3.5.8 self-compiled (no vendor packaging), centos8 
> > (selinux disabled)
> > * target platform centos8 (same configuration but selinux enabled)
> 
> Best bet is to strace the tlsproxy process (see DEBUG_README.html)
> and see what syscall is failing.
> 
>       Wietse
Thanks for the hint, it indeed seems to be a problem with fd as Viktor noticed 
(6663 - selinux enabled, 7141 - disabled).
For 6663 there's immediate close after recvmsg:
[6663]: close(128)                              = 0
whereas 7141 goes on further...

Have no idea what it means, but I am sure you do. Will be happy to provide more 
if that helps.


Thanks!
Tomas



[6663]: poll([{fd=128, events=POLLIN}], 1, 5000) = 1 ([{fd=128, 
revents=POLLIN}])
[7141]: poll([{fd=128, events=POLLIN}], 1, 5000) = 1 ([{fd=128, 
revents=POLLIN}])

[6663]: read(128, "remote_endpoint\0[10.25.41.35]:2"..., 4096) = 1283
[7141]: read(128, "remote_endpoint\0[10.25.41.35]:2"..., 4096) = 1283

[6663]: poll([{fd=128, events=POLLOUT}], 1, 5000) = 1 ([{fd=128, 
revents=POLLOUT}])
[7141]: poll([{fd=128, events=POLLOUT}], 1, 5000) = 1 ([{fd=128, 
revents=POLLOUT}])

[6663]: write(128, "status\0001\0\0", 10)       = 10
[7141]: write(128, "status\0001\0\0", 10)       = 10

[6663]: alarm(3)                                = 3
[7141]: alarm(3)                                = 3

[6663]: epoll_wait(11, [{EPOLLIN, {u32=128, u64=94901597372544}}], 100, 5000) = 
1
[7141]: epoll_wait(11, [{EPOLLIN, {u32=128, u64=94643899334784}}], 100, 5000) = 
1

[6663]: epoll_ctl(11, EPOLL_CTL_DEL, 128, 0x7ffc2cd0e32c) = 0
[7141]: epoll_ctl(11, EPOLL_CTL_DEL, 128, 0x7fff7eb5812c) = 0

[6663]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0", 
iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_CTRUNC}, 0) = 1
[7141]: recvmsg(128, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0", 
iov_len=1}], msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, 
cmsg_type=SCM_RIGHTS, cmsg_data=[15]}], msg_controllen=24, msg_flags=0}, 0) = 1