Re: [openssl-users] Segmentation fault ssl23_connect()

[Viktor Dukhovni]

> On May 2, 2017, at 2:02 PM, Michael Ströder  wrote:
> 
> I'm not sure whether OpenSSL 1.0.2k is even usable with this ancient OpenLDAP 
> version.
> Especially it was set to historic status by the OpenLDAP project several 
> years ago.
> 
> I'd strongly recommend to use a recent OpenLDAP release before trying 
> anything else.

It should "just work".  The OpenSSL 1.0.2 branch is expected to provide ABI
compatibility with older software built against OpenSSL 1.0.0, 1.0.1 and
older patch levels of 1.0.2.

There could of course be unfixed bugs in that OpenLDAP version that a newer
version of OpenSSL happens to expose, but generally speaking what worked
with 1.0.0 or 1.0.1 should continue to work with 1.0.2.

-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Segmentation fault ssl23_connect()

[Michael Ströder]

Sanjaya Joshi wrote:
> I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to 
> external LDAP
> server. The used openssl version is 1.0.2k.

I'm not sure whether OpenSSL 1.0.2k is even usable with this ancient OpenLDAP 
version.
Especially it was set to historic status by the OpenLDAP project several years 
ago.

I'd strongly recommend to use a recent OpenLDAP release before trying anything 
else.

Ciao, Michael.



smime.p7s
Description: S/MIME Cryptographic Signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Segmentation fault ssl23_connect()

[Sanjaya Joshi]

Thanks. I'll try that.

Regards,
Sanjaya

On 18 Apr 2017 15:27, "Matt Caswell"  wrote:

>
>
> On 16/04/17 20:17, Sanjaya Joshi wrote:
> > Hello,
> >
> > I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to
> > external LDAP server. The used openssl version is 1.0.2k.
> >
> > While establishing the secure connection from client, i observe the
> > following segmentation fault occasionally (Not always reproducible).
> >
> > Any pointers please ?
> >
>
> Are you able to compile openssl with debug symbols? That's not a lot to
> go on.
>
> Matt
>
> > "
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib64/libthread_db.so.1".
> > Core was generated by `/opt/nsn/pac_bor_qx_e1/bin/border'.
> > Program terminated with signal SIGSEGV, Segmentation fault.
> > #0  0x7fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> > (gdb) bt
> > #0  0x7fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> > #1  0x7fd6b3495516 in ssl23_connect () from
> /usr/lib64/libssl.so.1.0.0
> > #2  0x7fd6b7d2d6cf in ldap_int_tls_connect (ld=0x7fd6880486d0,
> > conn=0x7fd68802d9e0) at tls.c:805
> > #3  0x7fd6b7d2ece0 in ldap_int_tls_start (ld=0x7fd6880486d0,
> > conn=0x7fd68802d9e0, srv=0x0) at tls.c:1511
> > #4  0x7fd6b7d2f6e9 in ldap_install_tls (ld=0x7fd6880486d0) at
> tls.c:1935
> > #5  0x7fd6bb46c6c1 in open_connection_as
> > (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389,
> client_access=0,
> > user_dn=0x7fd6880543c8
> > "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> > user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> > network_timeout=5000, request_id=0x7fd6962d144c,
> > error_string=0x7fd6962d1440, isSecure=2, cacertFile=0x7fd688048bf8
> > "/etc/certs/cacert.pem",
> > ciphers=0x7fd68805e138
> > "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> > reqCert=0x7fd6962d2558) at ../src/api.c:1048
> > #6  0x7fd6bb46ca97 in open_secure_connection_starttls_request
> > (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389,
> > client_access=0, user_dn=0x7fd6880543c8
> > "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> > user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> > network_timeout=5000, request_id=0x7fd6962d144c,
> > error_string=0x7fd6962d1440, cacertFile=0x7fd688048bf8
> > "/etc/certs/cacert.pem",
> > ciphers=0x7fd68805e138
> > "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> > reqCert=0x7fd6962d2558) at ../src/api.c:1258
> > #7  0x7fd6b9c899c8 in tryConnectExtLdap (host=0x7fd68805de90
> > "10.55.433.1", port=389,
> > binddn=0x7fd6962d3380
> > "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> > pwd=0x7fd6962d3c70 "saaadh45sks",
> > _extHandle=@0x7fd6962d2838: 0x7fd6880486d0, peopledn=0x7fd6880495b0
> > "ou=people,ou=accounts,dc=sasa,dc=test,dc=net", secureMode=0,
> > cacertFile=..., ciphers=..., reqCert=5, timeout_ms=5000)
> > at ../../src/acct.cpp:1694
> > #8  0x7fd6b9c88df1 in validate_account (accountName=0x7fd6962d3380
> > "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> > accountPassword=0x7fd6962d3c70 "saaadh45sks") at
> ../../src/acct.cpp:1623
> > #9  0x00479d3a in set_acc
> > (userName=userName@entry=0x7fd6962d3870 "user1",
> > password=password@entry=0x7fd6962d3c70 "saaadh45sks") at
> > ../src/borfunc_cou.c:4066
> > #10 0x0045217b in _71571_2 (_T=0x42907000) at
> > ../src/bor7qxqx.sdl:600
> > #11 0x0044fd45 in _s71571_ACTIVE (_T=) at
> > _Sborha7ACTIVE.c:33
> > #12 0x7fd6b6ec8a65 in call_transition (msg=0x7fd6bc0d8948,
> process=96)
> > at /home/core/threadmain.c:656
> > #13 call_transition_with_fatal_sig_catching (thread=,
> > thread@entry=0x25d7d90, process=process@entry=96,
> > msg=msg@entry=0x7fd6bc0d8948) at /home/core/threadmain.c:669
> > #14 0x7fd6b6ec9499 in execute_user_code (msg=0x7fd6bc0d8948,
> > process=96, thread=0x25d7d90)
> > at /home/core/threadmain.c:687
> > #15 exec_main_loop (thread=0x25d7d90) at /home/core/threadmain.c:882
> > #16 thread_context_main (arg=) at
> /home/core/threadmain.c:592
> > #17 0x7fd6b64f2f50 in ?? () from /lib64/libc.so.6
> > #18 0x in ?? ()
> > (gdb)
> > "
> >
> > Regards,
> > Sanjaya
> >
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Segmentation fault ssl23_connect()

[Matt Caswell]

On 16/04/17 20:17, Sanjaya Joshi wrote:
> Hello,
> 
> I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to
> external LDAP server. The used openssl version is 1.0.2k.
> 
> While establishing the secure connection from client, i observe the
> following segmentation fault occasionally (Not always reproducible).
> 
> Any pointers please ?
> 

Are you able to compile openssl with debug symbols? That's not a lot to
go on.

Matt

> "
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `/opt/nsn/pac_bor_qx_e1/bin/border'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x7fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> (gdb) bt
> #0  0x7fd6b8271bd9 in sk_value () from /usr/lib64/libcrypto.so.1.0.0
> #1  0x7fd6b3495516 in ssl23_connect () from /usr/lib64/libssl.so.1.0.0
> #2  0x7fd6b7d2d6cf in ldap_int_tls_connect (ld=0x7fd6880486d0,
> conn=0x7fd68802d9e0) at tls.c:805
> #3  0x7fd6b7d2ece0 in ldap_int_tls_start (ld=0x7fd6880486d0,
> conn=0x7fd68802d9e0, srv=0x0) at tls.c:1511
> #4  0x7fd6b7d2f6e9 in ldap_install_tls (ld=0x7fd6880486d0) at tls.c:1935
> #5  0x7fd6bb46c6c1 in open_connection_as
> (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389, client_access=0,
> user_dn=0x7fd6880543c8
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> network_timeout=5000, request_id=0x7fd6962d144c,
> error_string=0x7fd6962d1440, isSecure=2, cacertFile=0x7fd688048bf8
> "/etc/certs/cacert.pem",
> ciphers=0x7fd68805e138
> "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> reqCert=0x7fd6962d2558) at ../src/api.c:1048
> #6  0x7fd6bb46ca97 in open_secure_connection_starttls_request
> (ldap_host_address=0x7fd68805de90 "10.55.433.1", port=389,
> client_access=0, user_dn=0x7fd6880543c8
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> user_pwd=0x7fd6962d3c70 "saaadh45sks", ldap_handle=0x7fd6962d2838,
> network_timeout=5000, request_id=0x7fd6962d144c,
> error_string=0x7fd6962d1440, cacertFile=0x7fd688048bf8
> "/etc/certs/cacert.pem",
> ciphers=0x7fd68805e138
> "DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA",
> reqCert=0x7fd6962d2558) at ../src/api.c:1258
> #7  0x7fd6b9c899c8 in tryConnectExtLdap (host=0x7fd68805de90
> "10.55.433.1", port=389,
> binddn=0x7fd6962d3380
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> pwd=0x7fd6962d3c70 "saaadh45sks",
> _extHandle=@0x7fd6962d2838: 0x7fd6880486d0, peopledn=0x7fd6880495b0
> "ou=people,ou=accounts,dc=sasa,dc=test,dc=net", secureMode=0,
> cacertFile=..., ciphers=..., reqCert=5, timeout_ms=5000)
> at ../../src/acct.cpp:1694
> #8  0x7fd6b9c88df1 in validate_account (accountName=0x7fd6962d3380
> "uid=user1,ou=people,ou=accounts,dc=sasa,dc=test,dc=net",
> accountPassword=0x7fd6962d3c70 "saaadh45sks") at ../../src/acct.cpp:1623
> #9  0x00479d3a in set_acc
> (userName=userName@entry=0x7fd6962d3870 "user1",
> password=password@entry=0x7fd6962d3c70 "saaadh45sks") at
> ../src/borfunc_cou.c:4066
> #10 0x0045217b in _71571_2 (_T=0x42907000) at
> ../src/bor7qxqx.sdl:600
> #11 0x0044fd45 in _s71571_ACTIVE (_T=) at
> _Sborha7ACTIVE.c:33
> #12 0x7fd6b6ec8a65 in call_transition (msg=0x7fd6bc0d8948, process=96)
> at /home/core/threadmain.c:656
> #13 call_transition_with_fatal_sig_catching (thread=,
> thread@entry=0x25d7d90, process=process@entry=96,
> msg=msg@entry=0x7fd6bc0d8948) at /home/core/threadmain.c:669
> #14 0x7fd6b6ec9499 in execute_user_code (msg=0x7fd6bc0d8948,
> process=96, thread=0x25d7d90)
> at /home/core/threadmain.c:687
> #15 exec_main_loop (thread=0x25d7d90) at /home/core/threadmain.c:882
> #16 thread_context_main (arg=) at /home/core/threadmain.c:592
> #17 0x7fd6b64f2f50 in ?? () from /lib64/libc.so.6
> #18 0x in ?? ()
> (gdb)
> "
> 
> Regards,
> Sanjaya
> 
> 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users