This will certainly be because it's not tty pledged, and it will ask for the password for his private key
On Fri, Jan 20, 2017 at 12:51 AM, Sebastien Marie <[email protected]> wrote: > On Fri, Jan 20, 2017 at 12:45:10AM +0100, Xavier Sanchez wrote: > > >Synopsis: libressl aborted when starting ocsp with a passphrase in > the generated rkey file > > > > Being not aware how setting up a Root CA, I've followed the > procedure at the > > url pasted below. Then, running the OSCP server with arguments > shown below > > resulted in: > > > > Abort trap (core dumped) > > > > at the output, and > > > > openssl(7598): syscall 54 "ioctl" > > > > in the messages. > > The problem is related to pledge(2). Basically, openssl(1) program tries > to do something it promises to not doing. > > Could you post the output of following commands: > > $ ktrace -di openssl ocsp -port 127.0.0.1:25600 ... > $ kdump | tail > > The first line will generate a trace of syscalls used by the offending > command. The second command will extract last lines of the trace. > > Beware that the result file (ktrace.out) will contains sensitive > informations about yours keys. Please review carefully what you would > share. > > The purpose is to see what are the arguments of ioctl(2) syscall used > (so please adjusts the size of the output of tail(1) if no line > containing ioctl() are in the 10 last lines). > > > Additionnally, having a backtrace of the failure could also help. > > $ gdb openssl openssl.core > (gdb) bt > > And send the output of "bt" command in gdb. > > Thanks. > -- > Sebastien Marie > >
