just committed the fix. On Fri, Jan 20, 2017 at 1:10 AM, Bob Beck <[email protected]> wrote:
> This will certainly be because it's not tty pledged, and it will ask for > the password for his private key > > > On Fri, Jan 20, 2017 at 12:51 AM, Sebastien Marie <[email protected]> > wrote: > >> On Fri, Jan 20, 2017 at 12:45:10AM +0100, Xavier Sanchez wrote: >> > >Synopsis: libressl aborted when starting ocsp with a passphrase >> in the generated rkey file >> > >> > Being not aware how setting up a Root CA, I've followed the >> procedure at the >> > url pasted below. Then, running the OSCP server with arguments >> shown below >> > resulted in: >> > >> > Abort trap (core dumped) >> > >> > at the output, and >> > >> > openssl(7598): syscall 54 "ioctl" >> > >> > in the messages. >> >> The problem is related to pledge(2). Basically, openssl(1) program tries >> to do something it promises to not doing. >> >> Could you post the output of following commands: >> >> $ ktrace -di openssl ocsp -port 127.0.0.1:25600 ... >> $ kdump | tail >> >> The first line will generate a trace of syscalls used by the offending >> command. The second command will extract last lines of the trace. >> >> Beware that the result file (ktrace.out) will contains sensitive >> informations about yours keys. Please review carefully what you would >> share. >> >> The purpose is to see what are the arguments of ioctl(2) syscall used >> (so please adjusts the size of the output of tail(1) if no line >> containing ioctl() are in the 10 last lines). >> >> >> Additionnally, having a backtrace of the failure could also help. >> >> $ gdb openssl openssl.core >> (gdb) bt >> >> And send the output of "bt" command in gdb. >> >> Thanks. >> -- >> Sebastien Marie >> >> >
