sbbs SEGV with mqtt TLS enabled.
I'm assuming there's a certificate issue but I could do with help in trying to determine what might be wrong here.
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
--Type <RET> for more, q to quit, c to continue without paging--c
Core was generated by `/sbbs/exec/sbbs d'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007ff1704d815a in sanityCheckBignum () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
[Current thread is 1 (Thread 0x7ff156ffd640 (LWP 1352))]
(gdb) bt
#0 0x00007ff1704d815a in sanityCheckBignum () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
#1 0x00007ff1704d820d in BN_clear () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
#2 0x00007ff1704d82cd in BN_free () from /home/bbs/sbbs-git/src/sbbs3/gcc.linux.x64.lib.debug/libsbbs.so
#3 0x00007ff16f3fc838 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#4 0x00007ff16f3d6735 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#5 0x00007ff16f3e9e3e in SSL_free () from /lib/x86_64-linux-gnu/libssl.so.3
#6 0x00007ff16f883afb in ?? () from /usr/lib/x86_64-linux-gnu/libmosquitto.so.1
#7 0x00007ff16f883fc2 in mosquitto_destroy () from /usr/lib/x86_64-linux-gnu/libmosquitto.so.1
#8 0x00007ff170030638 in js_finalize_mqtt (cx=0x7ff148071f30, obj=0x7ff155e2f4c8) at js_mqtt.c:46
#9 0x00007ff1701d1bdc in JSObject::finalize (cx=0x7ff148071f30, this=0x7ff155e2f4c8)
at /home/bbs/sbbs-test/repo/3rdp/src/mozjs/js-1.8.5/js/src/jsobjinlines.h:137
#10 FinalizeArenaList<JSObject> (comp=0x7ff148093120, cx=0x7ff148071f30, thingKind=0) at jsgc.cpp:1944
#11 0x00007ff1701cface in JSCompartment::finalizeObjectArenaLists (this=0x7ff148093120, cx=0x7ff148071f30) at jsgc.cpp:2005
#12 0x00007ff1701d0a91 in MarkAndSweep (cx=0x7ff148071f30, gckind=GC_NORMAL) at jsgc.cpp:2471
#13 0x00007ff1701d1199 in GCUntilDone (cx=0x7ff148071f30, comp=0x0, gckind=GC_NORMAL) at jsgc.cpp:2755
#14 0x00007ff1701d135d in js_GC (cx=0x7ff148071f30, comp=0x0, gckind=GC_NORMAL) at jsgc.cpp:2824
#15 0x00007ff17014411b in JS_GC (cx=0x7ff148071f30) at jsapi.cpp:2670
#16 0x00007ff16ff6b043 in sbbs_t::js_execfile (this=0x7ff15c120390, cmd=0x7ff15c1332ee "mqtt_stats", startup_dir=0x7ff15c283d81 "/sbbs/exec/",
scope=0x0, js_cx=0x7ff148071f30, js_glob=0x7ff155e03048) at exec.cpp:706
#17 0x00007ff170117905 in sbbs_t::external (this=0x7ff15c120390, cmdline=0x7ff15c1332ed "?mqtt_stats", mode=256,
startup_dir=0x7ff15c283d81 "/sbbs/exec/") at xtrn.cpp:1116
#18 0x00007ff170086208 in event_thread (arg=0x7ff15c120390) at main.cpp:3296
#19 0x00007ff16fbd0ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#20 0x00007ff16fc62660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
This is probably overkill but I am working on automating so...
I added my bbs user to the mosquitto group and made sure it had access to /etc/mosquitto/certs
Create a p12 version of the Let's Encrypt certificates
jsexec certtool --export-pkcs12 /sbbs/ctrl/sbbs.p12
Create individual certs
openssl pkcs12 -in /tmp/sbbs.p12 -nocerts -nodes -out /sbbs/ctrl/sbbs.private_key.pem -passin 'pass:xxxxxx'
openssl pkcs12 -in /tmp/sbbs.p12 -clcerts -nokeys -out /sbbs/ctrl/sbbs.cert.pem -passin 'pass:xxxxxx'
Download the Let's Encrypt root cert.
wget https://letsencrypt.org/certs/lets-encrypt-r3.pem
Put all three .pem certificates in /etc/mosquitto/certs and make sure the mosquitto group has read access to all 3 files.
(I may be using the wrong cert from Let's Encrypt, I don't know!)
Configure sbbs as follows
[MQTT]
Enabled=true
Verbose=true
Broker_addr=127.0.0.1
Broker_port=8883
Protocol_version=5
Keepalive=11
Publish_QOS=0
Subscribe_QOS=2
Username=bbs
Password=xxxxxxxxxxx
LogLevel=Debugging
TLS_mode=1
TLS_cafile=/etc/mosquitto/certs/lets-encrypt-r3.pem
TLS_certfile=/etc/mosquitto/certs/sbbs.cert.pem
TLS_keyfile=/etc/mosquitto/certs/sbbs.private_key.pem
TLS_keypass=
TLS_psk=
TLS_identity=
I don't think a keypass is needed since I can view details of the private_key without entering one.
I have cores from most all the services, depending which one it hits first.
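
Since the report suspects the certificate files, the following added example (not part of the original report and not Synchronet code) checks the three PEM files named in the [MQTT] section: that they are readable, that the key loads with an empty passphrase, that the key matches the certificate, and that the CA file is the certificate's issuer. The function name check_mqtt_tls and its return codes are assumptions of this example; run it as the account sbbs runs under.

```shell
#!/bin/sh
# Added example: sanity-check the PEM files referenced by TLS_cafile,
# TLS_certfile and TLS_keyfile. check_mqtt_tls is a hypothetical helper.
# Usage with the paths from the report:
#   check_mqtt_tls /etc/mosquitto/certs/lets-encrypt-r3.pem \
#                  /etc/mosquitto/certs/sbbs.cert.pem \
#                  /etc/mosquitto/certs/sbbs.private_key.pem
# Returns 0 when every check passes, otherwise the number of the failed check.

check_mqtt_tls() {
    ca=$1 cert=$2 key=$3

    # 2: every file must be readable by the current user.
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "not readable: $f" >&2; return 2; }
    done

    # 3: the key must load with an empty passphrase (TLS_keypass is blank).
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "encrypted or not a PEM private key: $key" >&2; return 3; }

    # 4: the certificate file must parse as a PEM certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a PEM certificate: $cert" >&2; return 4; }

    # 5: certificate and private key must carry the same public key.
    [ "$key_pub" = "$cert_pub" ] || {
        echo "private key does not match certificate" >&2; return 5; }

    # 6: the first certificate in the CA file must be the issuer named in the
    #    certificate (a name comparison, not a signature check).
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null)
    subject=$(openssl x509 -in "$ca" -noout -subject_hash 2>/dev/null)
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ] || {
        echo "CA file is not the issuer of $cert" >&2; return 6; }

    return 0
}
```

A return of 0 rules out unreadable files, a passphrase-protected key, a mismatched key pair and a wrong issuer file for the three paths checked.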