Hello,

charon crash when using revocation plugin. It can happen several times
in a minute during establishing connections.

2016-09-10T04:00:08.010176+02:00 sphynx-25.in.ac-dijon.fr charon:
60[DMN] thread 60 received 11
2016-09-10T04:00:08.010426+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]  dumping 14 stack frame addresses:
2016-09-10T04:00:08.010455+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f8692df8000
[0x7f8692e08330]
2016-09-10T04:00:08.014968+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.015002+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000
[0x7f86934b1ba3]
2016-09-10T04:00:08.018784+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.018815+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000
[0x7f86934b1cfa]
2016-09-10T04:00:08.022568+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.022599+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000
[0x7f86934b1d3b]
2016-09-10T04:00:08.026316+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.026349+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000
(array_invoke_offset+0x33) [0x7f86934a4433]
2016-09-10T04:00:08.030030+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.030062+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000
(array_destroy_offset+0x9) [0x7f86934a44b9]
2016-09-10T04:00:08.033702+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.033732+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f869303bce4]
2016-09-10T04:00:08.037407+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.037438+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f869303dd21]
2016-09-10T04:00:08.041220+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.041251+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f869303fd7d]
2016-09-10T04:00:08.045087+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.045119+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f86930360b3]
2016-09-10T04:00:08.048908+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.048941+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000
[0x7f86934b8df2]
2016-09-10T04:00:08.052686+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.052721+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000
[0x7f86934bbc14]
2016-09-10T04:00:08.056503+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.056535+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f8692df8000
[0x7f8692e00184]
2016-09-10T04:00:08.060346+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.060421+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]   /lib/x86_64-linux-gnu/libc.so.6 @ 0x7f8692a33000 (clone+0x6d)
[0x7f8692b2d37d]
2016-09-10T04:00:08.064165+02:00 sphynx-25.in.ac-dijon.fr charon:
60[LIB]     ->
2016-09-10T04:00:08.116914+02:00 sphynx-25.in.ac-dijon.fr charon:
60[DMN] killing ourself, received critical signal
2016-09-10T04:00:13.122115+02:00 sphynx-25.in.ac-dijon.fr charon:
00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux
4.2.0-42-generic, x86_64)
2016-09-10T04:00:13.131081+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
2016-09-10T04:00:13.131853+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG]   loaded ca certificate "C=FR, O=Ministere Education Nationale
Enseignement Superieur Recherche, CN=AC Racine Ministere ENESR" from
'/etc/ipsec.d/cacerts/AC Racine Ministere ENESR.pem'
2016-09-10T04:00:13.132024+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG]   loaded ca certificate "C=FR, O=Education Nationale, OU=0002
110043015, CN=AC Education Nationale" from '/etc/ipsec.d/cacerts/AC
Education Nationale.pem'
2016-09-10T04:00:13.132334+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG]   loaded ca certificate "C=FR, O=gouv, L=Dijon, OU=education,
OU=ac-dijon, CN=CA-sphynx-25-RVP" from
'/etc/ipsec.d/cacerts/CA-sphynx-25-RVP.pem'
2016-09-10T04:00:13.132506+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG]   loaded ca certificate "C=FR, O=Education Nationale, OU=0002
110043015, CN=AC EN Scolarite et Formation" from
'/etc/ipsec.d/cacerts/AC EN Scolarite et Formation.pem'
2016-09-10T04:00:13.132526+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
2016-09-10T04:00:13.132551+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
2016-09-10T04:00:13.132571+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
2016-09-10T04:00:13.132593+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG] loading crls from '/etc/ipsec.d/crls'
2016-09-10T04:00:13.132712+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG]   loaded crl from
'/etc/ipsec.d/crls/cc2e370f06b2b9b5e92dffbe5237c61db4b70717.crl'
2016-09-10T04:00:13.132732+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG] loading secrets from '/etc/ipsec.secrets'
2016-09-10T04:00:13.143970+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG]   loaded RSA private key from
'/etc/ipsec.d/private/privAGRIATES-DIJON-40.ac-dijon.fr.pem'
2016-09-10T04:00:13.155125+02:00 sphynx-25.in.ac-dijon.fr charon:
00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/privsphynx.pem'
2016-09-10T04:00:13.155262+02:00 sphynx-25.in.ac-dijon.fr charon:
00[LIB] loaded plugins: charon test-vectors curl aes sha1 sha2 md5
random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl xcbc
cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke
updown eap-identity addrblock
2016-09-10T04:00:13.155276+02:00 sphynx-25.in.ac-dijon.fr charon:
00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)
2016-09-10T04:00:13.155338+02:00 sphynx-25.in.ac-dijon.fr charon:
00[LIB] dropped capabilities, running as uid 0, gid 0
2016-09-10T04:00:13.155354+02:00 sphynx-25.in.ac-dijon.fr charon:
00[JOB] spawning 64 worker threads
2016-09-10T04:00:13.160589+02:00 sphynx-25.in.ac-dijon.fr charon:
04[CFG] crl caching to /etc/ipsec.d/crls enabled

When revocation plugin is disabled, it's OK.
CRL and OCSP are used for checking certificates. CRL is for servers
certificates status, and OCSP for CA certificates status.

What can i do to resolve this problem ?

OS : Ubuntu 14.04
strongSwan : 5.1.2

-- 
Regards,
Fabrice Barconnière
Pôle logiciels libres - EOLE



Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to