public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] SSL giving corrupted MAC on input
@ 2009-07-06 16:31 Simon
  2009-07-06 16:43 ` [gentoo-user] " Simon
  2009-07-07  0:47 ` [gentoo-user] " Paul Colquhoun
  0 siblings, 2 replies; 5+ messages in thread
From: Simon @ 2009-07-06 16:31 UTC (permalink / raw
  To: gentoo-user

Hi there!
  I'm getting this issue where even very small transfers through ssh
will cause this error message:  Corrupted MAC on input.  I've done my
homework and found out this is not necessarily related to the network
hardware as TCP would retransmit such corrupted packets, moreover the
error message is clearly related to ssh as googling proves this.

  A quick troubleshooting i've done was to setup apache and simply
wget a very large file over plain HTTP.  Transfer worked, i did it a
second time and diff'ed the two downloads, they were the same.  I then
did the same test over HTTPS and got an error
(SSL3_GET_RECORD:decryption failed or bad record mac). This clarified
the problem is much more related to SSL than anything else.

  A quick glance at `emerge -vp openssl` showed an issue:  it had been
compiled with sse2 support while this computer's cpu didnt support
that.  Changed use flags and recompiled, restarted ssh and apache.
They both continued giving the same error.  I finally rebooted the
machine, in case, but same issue still...  The only use flag for
openssl now is zlib.

  What is also pretty strange about the issue, is i haven't touched
the kernel in a long time and i usually do all my gentoo updates on
monday.  The problem must have happened since last monday's updates,
but i dont monitor those very much, all i care is everything went fine
and that revdep-rebuild says i'm good to go.  I've done many emerges
since then so i cant figure out a way to see what has been updated
recently.

  A bit of background:  That PC runs kernel 2.6.24, it's my slowest pc
(used for backups mostly) P3 @ 450Mhz, it's got 128MB of ram.  Some
programes have been unmasked, but none that have any relationship with
openssl are, everything dealing with that is stable.  Doing `find
/usr/portage/distfiles -ctime -10` (should give me the files
downloaded within last 10 days, right?) it shows a few files but glibc
is the only that i can see has relationship with issue...

  Anyone can help troubleshoot some more?



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [gentoo-user] Re: SSL giving corrupted MAC on input
  2009-07-06 16:31 [gentoo-user] SSL giving corrupted MAC on input Simon
@ 2009-07-06 16:43 ` Simon
  2009-07-07  0:47 ` [gentoo-user] " Paul Colquhoun
  1 sibling, 0 replies; 5+ messages in thread
From: Simon @ 2009-07-06 16:43 UTC (permalink / raw
  To: gentoo-user

>  A quick troubleshooting i've done was to setup apache and simply
> wget a very large file over plain HTTP.  Transfer worked, i did it a
> second time and diff'ed the two downloads, they were the same.  I then
> did the same test over HTTPS and got an error
> (SSL3_GET_RECORD:decryption failed or bad record mac). This clarified
> the problem is much more related to SSL than anything else.

Forgot to mention, i'm connecting to the machine via ssh and never get
disconnected, ssh terminal works perfectly fine, but anything going
through ssh for large transfers fails (ie rsync, unison, etc).



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] SSL giving corrupted MAC on input
  2009-07-06 16:31 [gentoo-user] SSL giving corrupted MAC on input Simon
  2009-07-06 16:43 ` [gentoo-user] " Simon
@ 2009-07-07  0:47 ` Paul Colquhoun
  2009-07-20 18:59   ` Simon
  1 sibling, 1 reply; 5+ messages in thread
From: Paul Colquhoun @ 2009-07-07  0:47 UTC (permalink / raw
  To: gentoo-user

On Tue, 7 Jul 2009 02:31:38 Simon wrote:
> Hi there!
>   I'm getting this issue where even very small transfers through ssh
> will cause this error message:  Corrupted MAC on input.  I've done my
> homework and found out this is not necessarily related to the network
> hardware as TCP would retransmit such corrupted packets, moreover the
> error message is clearly related to ssh as googling proves this.
>
>   A quick troubleshooting i've done was to setup apache and simply
> wget a very large file over plain HTTP.  Transfer worked, i did it a
> second time and diff'ed the two downloads, they were the same.  I then
> did the same test over HTTPS and got an error
> (SSL3_GET_RECORD:decryption failed or bad record mac). This clarified
> the problem is much more related to SSL than anything else.
>
>   A quick glance at `emerge -vp openssl` showed an issue:  it had been
> compiled with sse2 support while this computer's cpu didnt support
> that.  Changed use flags and recompiled, restarted ssh and apache.
> They both continued giving the same error.  I finally rebooted the
> machine, in case, but same issue still...  The only use flag for
> openssl now is zlib.


What did you recompile?  There may still be a library using the "sse2" flag.

Have you tried using the "--newuse" or "--reinstall changed-use" emerge flags?


-- 
Reverend Paul Colquhoun, ULC.    http://andor.dropbear.id.au/~paulcol
 Before you criticize someone, you should walk a mile in their shoes.
Then, when you do, you'll be a mile away, and you'll have their shoes.




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] SSL giving corrupted MAC on input
  2009-07-07  0:47 ` [gentoo-user] " Paul Colquhoun
@ 2009-07-20 18:59   ` Simon
  2009-07-20 19:16     ` Simon
  0 siblings, 1 reply; 5+ messages in thread
From: Simon @ 2009-07-20 18:59 UTC (permalink / raw
  To: gentoo-user

> What did you recompile?  There may still be a library using the "sse2" flag.
>
> Have you tried using the "--newuse" or "--reinstall changed-use" emerge flags?

Well, since all my problem were related to the use of ssh, i did a full:
emerge -e openssh
(took a 2 days on that super old pc, while shutdown for the night)

I tried doing an full update after:
emerge -uDN world
emerge --depclean
revdep-rebuild

Then i tryied copying files through ssh and got same issue again.  I
also tried with a usb adapter, got the same issue.  Again, i remind i
tried transfering without ssh (ie using http or netcat) and it works
top shape.

I'm running memtest86 on that pc at the moment, i will look more into
the flags (i havent checked in the /etc/portage/packages.use, there
might be some sse in there too that i missed).
Since this pc is not connected to the net, i used to sync it through
ssh, so it has not been sync'ed in a while now...  i'll try to manage
to sync it (maybe tar /usr/portage and netcat that over, dunno...).

I'll post again with results of these last few checks later today... Thanks!



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] SSL giving corrupted MAC on input
  2009-07-20 18:59   ` Simon
@ 2009-07-20 19:16     ` Simon
  0 siblings, 0 replies; 5+ messages in thread
From: Simon @ 2009-07-20 19:16 UTC (permalink / raw
  To: gentoo-user

> I'm running memtest86 on that pc at the moment, i will

Went through 1 pass with zero errors, I'll try some more passes in case later...

> look more into
> the flags (i havent checked in the /etc/portage/packages.use, there
> might be some sse in there too that i missed).

Checked all make.conf and /etc/portage/*, all use flags are fine
according to me, masks are good too (not masking any deps of ssh),
keywords are good (same, not using unstable stuff for any deps of
ssh).

> Since this pc is not connected to the net, i used to sync it through
> ssh, so it has not been sync'ed in a while now...  i'll try to manage
> to sync it (maybe tar /usr/portage and netcat that over, dunno...).

Well, i actually did the following command on both my up2date laptop
and this outdated pc:
emerge -e -p openssh > somefile
Then copied the file over to my laptop and compared differences:
hideo ~ # diff --suppress-common-lines -y
./hideo_openssh_fullemerge.txt wmslave_openssh_fullemerge.txt
Calculating dependencies ... done!                            |
Calculating dependencies  ... done!
[ebuild   R   ] app-admin/eselect-python-20090606             <
                                                              >
[ebuild   R   ] sys-apps/sed-4.1.5-r1
[ebuild   R   ] sys-apps/sed-4.2                              <
[ebuild   R   ] dev-lang/python-2.5.4-r3                      |
[ebuild   R   ] dev-lang/python-2.5.4-r2
[ebuild   R   ] app-admin/eselect-1.1.1                       |
[ebuild   R   ] app-admin/eselect-1.0.12
----
sorry the diff shows probably better if not wrapped at 80chars... but
bottomline is i have an older version of python, sed and eselect on
the outdated pc.

Since i have nothing better to try at the moment, i will wipeout
/usr/portage on the outdated pc and copy my laptops over using wget (i
hope apache supports resuming downloads by default, in case!)...

Thanks again!...



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2009-07-20 19:16 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-07-06 16:31 [gentoo-user] SSL giving corrupted MAC on input Simon
2009-07-06 16:43 ` [gentoo-user] " Simon
2009-07-07  0:47 ` [gentoo-user] " Paul Colquhoun
2009-07-20 18:59   ` Simon
2009-07-20 19:16     ` Simon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox