1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • sbbs SEGV with mqtt TSL enabled.

    From Nigel Reed@1:103/705 to GitLab issue in main/sbbs on Wednesday, December 13, 2023 16:55:40
    open https://gitlab.synchro.net/main/sbbs/-/issues/680

    I'm assuming there's a certificate issue but I could do with help in trying to determine what might be wrong here.

    ```
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". --Type <RET> for more, q to quit, c to continue without paging--c
    Core was generated by `/sbbs/exec/sbbs d'.
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0 0x00007ff1704d815a in sanityCheckBignum () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    [Current thread is 1 (Thread 0x7ff156ffd640 (LWP 1352))]
    (gdb) bt
    #0 0x00007ff1704d815a in sanityCheckBignum () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    #1 0x00007ff1704d820d in BN_clear () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    #2 0x00007ff1704d82cd in BN_free () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    #3 0x00007ff16f3fc838 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
    #4 0x00007ff16f3d6735 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
    #5 0x00007ff16f3e9e3e in SSL_free () from /lib/x86_64-linux-gnu/libssl.so.3
    #6 0x00007ff16f883afb in ?? () from /usr/lib/x86_64-linux-gnu/libmosquitto.so.1
    #7 0x00007ff16f883fc2 in mosquitto_destroy () from /usr/lib/x86_64-linux-gnu/libmosquitto.so.1
    #8 0x00007ff170030638 in js_finalize_mqtt (cx=0x7ff148071f30, obj=0x7ff155e2f4c8) at js_mqtt.c:46
    #9 0x00007ff1701d1bdc in JSObject::finalize (cx=0x7ff148071f30, this=0x7ff155e2f4c8)
    at /home/bbs/sbbs-test/repo/3rdp/src/mozjs/js-1.8.5/js/src/jsobjinlines.h:137
    #10 FinalizeArenaList<JSObject> (comp=0x7ff148093120, cx=0x7ff148071f30, thingKind=0) at jsgc.cpp:1944
    #11 0x00007ff1701cface in JSCompartment::finalizeObjectArenaLists (this=0x7ff148093120, cx=0x7ff148071f30) at jsgc.cpp:2005
    #12 0x00007ff1701d0a91 in MarkAndSweep (cx=0x7ff148071f30, gckind=GC_NORMAL) at jsgc.cpp:2471
    #13 0x00007ff1701d1199 in GCUntilDone (cx=0x7ff148071f30, comp=0x0, gckind=GC_NORMAL) at jsgc.cpp:2755
    #14 0x00007ff1701d135d in js_GC (cx=0x7ff148071f30, comp=0x0, gckind=GC_NORMAL) at jsgc.cpp:2824
    #15 0x00007ff17014411b in JS_GC (cx=0x7ff148071f30) at jsapi.cpp:2670
    #16 0x00007ff16ff6b043 in sbbs_t::js_execfile (this=0x7ff15c120390, cmd=0x7ff15c1332ee "mqtt_stats", startup_dir=0x7ff15c283d81 "/sbbs/exec/",
    scope=0x0, js_cx=0x7ff148071f30, js_glob=0x7ff155e03048) at exec.cpp:706 #17 0x00007ff170117905 in sbbs_t::external (this=0x7ff15c120390, cmdline=0x7ff15c1332ed "?mqtt_stats", mode=256,
    startup_dir=0x7ff15c283d81 "/sbbs/exec/") at xtrn.cpp:1116
    #18 0x00007ff170086208 in event_thread (arg=0x7ff15c120390) at main.cpp:3296 #19 0x00007ff16fbd0ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
    #20 0x00007ff16fc62660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
    ```

    This is probably overkill but I am working on automating so...

    I added my bbs user to the mosquitto group and made sure it had access to /etc/mosquitto/certs

    Create a p12 version of the letsyncrypt certificates

    # jsexec certtool --export-pkcs12 /sbbs/ctrl/sbbs.p12

    Create individual certs

    # openssl pkcs12 -in /tmp/sbbs.p12 -nocerts -nodes -out /sbbs/ctrl/sbbs.private_key.pem -passin 'pass:xxxxxx'
    # openssl pkcs12 -in /tmp/sbbs.p12 -clcerts -nokeys -out /sbbs/ctrl/sbbs.cert.pem -passin 'pass:xxxxxx'

    Download the Lets Encrypt root cert.

    # wget https://letsencrypt.org/certs/lets-encrypt-r3.pem

    Put all three .pem certificates in /etc/mosquitto/certs and make sure the mosquitto group has read access to all 3 files.

    (I may be using the wrong cert from Let's Encrypt, I don't know!)

    Configure sbbs as follows

    ```
    [MQTT]
    Enabled=true
    Verbose=true
    Broker_addr=127.0.0.1
    Broker_port=8883
    Protocol_version=5
    Keepalive=11
    Publish_QOS=0
    Subscribe_QOS=2
    Username=bbs
    Password=ejC3djs5cqHqu8FK
    LogLevel=Debugging
    TLS_mode=1
    TLS_cafile=/etc/mosquitto/certs/lets-encrypt-r3.pem TLS_certfile=/etc/mosquitto/certs/sbbs.cert.pem TLS_keyfile=/etc/mosquitto/certs/sbbs.private_key.pem
    TLS_keypass=
    TLS_psk=
    TLS_identity=
    ```

    I don't think a keypass is needed since I can view details of the private_key without entering one.

    I have cores from most all the services, depending which one it hits first.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab note in main/sbbs on Wednesday, December 13, 2023 17:33:22
    https://gitlab.synchro.net/main/sbbs/-/issues/680#note_4545

    Looks like possibly a conflict between OpenSSL (used by mosquitto) and CryptLib (used by SBBS) BigNum functions:
    ```
    bt[Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Core was generated by `jsexec mqtt_pub -H -m test'.
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0 0x00007f4b7211415a in sanityCheckBignum () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    [Current thread is 1 (Thread 0x7f4b6ecfc740 (LWP 3147))]
    (gdb) bt
    #0 0x00007f4b7211415a in sanityCheckBignum () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    #1 0x00007f4b7211420d in BN_clear () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    #2 0x00007f4b721142cd in BN_free () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
    #3 0x00007f4b71328838 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
    #4 0x00007f4b71302735 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
    #5 0x00007f4b71315e3e in SSL_free () from /lib/x86_64-linux-gnu/libssl.so.3
    #6 0x00007f4b716afafb in ?? () from /usr/lib/x86_64-linux-gnu/libmosquitto.so.1
    #7 0x00007f4b716affc2 in mosquitto_destroy () from /usr/lib/x86_64-linux-gnu/libmosquitto.so.1
    #8 0x00007f4b71c6c638 in js_finalize_mqtt (cx=0x5569e6d1ec50, obj=0x7f4b6df30480) at js_mqtt.c:46
    #9 0x00007f4b71e0dbdc in JSObject::finalize (cx=0x5569e6d1ec50, this=0x7f4b6df30480)
    at /home/bbs/sbbs-test/repo/3rdp/src/mozjs/js-1.8.5/js/src/jsobjinlines.h:137
    #10 FinalizeArenaList<JSObject> (comp=0x5569e6d61660, cx=0x5569e6d1ec50, thingKind=0) at jsgc.cpp:1944
    #11 0x00007f4b71e0bace in JSCompartment::finalizeObjectArenaLists (this=0x5569e6d61660, cx=0x5569e6d1ec50) at jsgc.cpp:2005
    #12 0x00007f4b71e0ca91 in MarkAndSweep (cx=0x5569e6d1ec50, gckind=GC_LAST_CONTEXT) at jsgc.cpp:2471
    #13 0x00007f4b71e0d199 in GCUntilDone (cx=0x5569e6d1ec50, comp=0x0, gckind=GC_LAST_CONTEXT) at jsgc.cpp:2755
    #14 0x00007f4b71e0d35d in js_GC (cx=0x5569e6d1ec50, comp=0x0, gckind=GC_LAST_CONTEXT) at jsgc.cpp:2824
    #15 0x00007f4b71db6432 in js_DestroyContext (cx=0x5569e6d1ec50, mode=JSDCM_FORCE_GC) at jscntxt.cpp:1068
    #16 0x00007f4b71d7cfe3 in JS_DestroyContext (cx=0x5569e6d1ec50) at jsapi.cpp:989
    #17 0x00005569e4b5547b in main (argc=5, argv=0x7ffcf0584df8, env=0x7ffcf0584e28) at jsexec.c:1547
    ```
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to GitLab issue in main/sbbs on Wednesday, December 13, 2023 20:17:49
    close https://gitlab.synchro.net/main/sbbs/-/issues/680
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)