You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to install and use OCSPD responder.
I compiled latest stable version of openssl. I have the version of debian package installed :
root@openxkpi:/usr/etc/ocspd/certs# /usr/local/bin/openssl version
OpenSSL 1.1.0i 14 Aug 2018
root@openxkpi:/usr/etc/ocspd/certs# /usr/bin/openssl version
OpenSSL 1.0.1t 3 May 2016
I compiled libpki and ocspd on a debian 8.11 server.
I downloaded latest versions of libpki and ocspd on github (as I had compilations errors on versions from the openCA web site).
Then when I start the ocspd server I get a segfault :
/usr/etc/init.d/ocspd start-debug
Starting OCSP Responder (Debug Mode): /usr/etc/init.d/ocspd : ligne 34 : 28061 Erreur de segmentation ${ocspd} -c "${conf}" -d -v -debug
Error, check logs!
Done.
/usr/etc/init.d/ocspd status
OCSP Responder is stopped.
and in the logs I get :
Aug 21 16:34:56 openxkpi ocspd[28061]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:866] [DEBUG] Skipping file .
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/prod.xml
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/prod.xml file
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:866] [DEBUG] Skipping file ..
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/security/chrootDir, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:277] [DEBUG] Selected response digest algorithm: SHA1
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:298] [DEBUG] Selected signature digest algorithm: SHA256
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbUrl, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbPersistant, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:394] [DEBUG] Building CA List
Aug 21 16:34:56 openxkpi ocspd[28061]: Processing Configuration for [CA: ProductionMT]
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:623] [DEBUG] CRL Downloading Process Started [CA: ProductionMT, URL: /var/www/html/caprod.crt]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:837] [DEBUG] CRL loaded successfully [URL: /var/www/html/caprod.crt]
Aug 21 16:34:56 openxkpi ocspd[28061]: [crl.c:213] [DEBUG] Got the public key from the CA cert [Scheme: RSA, Key Size: 2048]
Aug 21 16:34:56 openxkpi kernel: [1636827.712629] ocspd[28061]: segfault at 81 ip 00007f2bab342fb0 sp 00007ffd2b80edf0 error 4 in libcrypto.so.1.1[7f2bab2ae000+266000]
If I use start I also get another segfault
root@openxkpi:/usr/etc/ocspd/ca.d# /usr/etc/init.d/ocspd start
Starting OCSP Responder: /usr/etc/init.d/ocspd : ligne 34 : 28069 Erreur de segmentation ${ocspd} -c "${conf}" -d
Error, check logs!
Aug 21 16:50:44 openxkpi ocspd[28079]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:50:44 openxkpi ocspd[28079]: Processing Configuration for [CA: ProductionMT]
Aug 21 16:50:44 openxkpi kernel: [1637776.371495] ocspd[28079]: segfault at 21 ip 00007fab7c483fb0 sp 00007ffd8bd8dc10 error 4 in libcrypto.so.1.1[7fab7c3ef000+266000]
I made the configuration, build and install again but still the same error.
Thanks
Raphaël
The text was updated successfully, but these errors were encountered:
Hi,
I am trying to install and use OCSPD responder.
I compiled latest stable version of openssl. I have the version of debian package installed :
root@openxkpi:/usr/etc/ocspd/certs# /usr/local/bin/openssl version
OpenSSL 1.1.0i 14 Aug 2018
root@openxkpi:/usr/etc/ocspd/certs# /usr/bin/openssl version
OpenSSL 1.0.1t 3 May 2016
I compiled libpki and ocspd on a debian 8.11 server.
I downloaded latest versions of libpki and ocspd on github (as I had compilations errors on versions from the openCA web site).
XML2 library Configuration:
XML2 prefix ..........: /usr
XML2 Compiler Flags ..: -I/usr/include/libxml2
XML2 Linker ..........: -L/usr/lib64
XML2 Libs ............: -lxml2
LDAP Configuration:
LDAP support .........: yes
LDAP Vendor ..........: OPENLDAP
LDAP prefix ..........:
LDAP Compiler Flags ..:
LDAP libs prefix .....:
LDAP Linker ..........:
LDAP libs ............: -lldap_r
OpenSSL Configuration:
Library ..............: OpenSSL
Prefix ...............: /usr
Compiler Flags .......: -I/usr/local/include -DENABLE_ECDSA=1
Linker Flags .........:
libs .................: -L/usr/local/lib -lssl -lcrypto
Support for ECDSA ....: yes
Configuration for libpki 0.8.9 :
Architecture .........: linux (64 bits)
Host System Type .....: x86_64-pc-linux-gnu
Supported URLs .......: file http https ldap dns
Library Version ......: v = 89, r = 89, a = 1
Install lib path .....: /usr/lib64
Install path .........: /usr
Compiler Flags .......: -I/usr/include -g -O2 -fstack-check -maccumulate-outgoing-args -Werror -Wfatal-errors -Wunused-variable -I/usr/local/include -DENABLE_ECDSA=1 -I/usr/include/libxml2
Linker Flags .........: -L/usr/lib64 -L/usr/lib64 -Wl,-rpath -Wl,"/usr/lib64"
Libs .................: -lpthread -ldl -lrt -lldap_r -L/usr/local/lib -lssl -lcrypto -lxml2 -lresolv
Package configured for: Debian 8 (x86_64)
Now type 'make' to build libpki 0.8.9,
and then 'make install' for installation.
Configuration for openca-ocspd 3.1.2 :
Install Prefix .......: /usr
Host System Type .....: x86_64-unknown-linux-gnu
Install path .........: /usr
Preprocessor .........: gcc
Compiler .............: gcc -g -O2 -fstack-check -maccumulate-outgoing-args -Werror -Wfatal-errors -I/usr/include -I/usr/local/include -DENABLE_ECDSA=1 -I/usr/include/libxml2
Linker ...............: gcc -lnsl -L/usr/lib64 -L/usr/local/lib -lssl -lcrypto -L/usr/lib64 -lpthread -Wl,-rpath -Wl,/usr/lib64 -lpki
/usr/etc/init.d/ocspd start-debug
Aug 21 16:13:08 openxkpi ocspd[22059]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/collegeca.xml
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/collegeca.xml file
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file mt.xml.bak
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file .
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file ca-mt-lan.crt
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file ca-prod-lan.crt
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/prod.xml
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/prod.xml file
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file ..
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/self-certs.xml
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/self-certs.xml file
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/security/chrootDir, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [config.c:277] [DEBUG] Selected response digest algorithm: SHA1
Aug 21 16:13:08 openxkpi ocspd[22059]: [config.c:298] [DEBUG] Selected signature digest algorithm: SHA256
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbUrl, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbPersistant, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [config.c:394] [DEBUG] Building CA List
Aug 21 16:13:08 openxkpi ocspd[22059]: Processing Configuration for [CA: Dartmouth]
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_socket.c:105] [DEBUG] Creating a SECURE connection (SSL/TLS)
I configured a minimal install following : https://wiki.lacavernedemanu.fr/doku.php?id=wiki:systeme:openssl:install_ca
(the ocspd part).
Then when I start the ocspd server I get a segfault :
/usr/etc/init.d/ocspd start-debug
Starting OCSP Responder (Debug Mode): /usr/etc/init.d/ocspd : ligne 34 : 28061 Erreur de segmentation ${ocspd} -c "${conf}" -d -v -debug
Error, check logs!
Done.
/usr/etc/init.d/ocspd status
OCSP Responder is stopped.
and in the logs I get :
Aug 21 16:34:56 openxkpi ocspd[28061]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:866] [DEBUG] Skipping file .
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/prod.xml
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/prod.xml file
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:866] [DEBUG] Skipping file ..
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/security/chrootDir, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:277] [DEBUG] Selected response digest algorithm: SHA1
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:298] [DEBUG] Selected signature digest algorithm: SHA256
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbUrl, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbPersistant, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:394] [DEBUG] Building CA List
Aug 21 16:34:56 openxkpi ocspd[28061]: Processing Configuration for [CA: ProductionMT]
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:623] [DEBUG] CRL Downloading Process Started [CA: ProductionMT, URL: /var/www/html/caprod.crt]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:837] [DEBUG] CRL loaded successfully [URL: /var/www/html/caprod.crt]
Aug 21 16:34:56 openxkpi ocspd[28061]: [crl.c:213] [DEBUG] Got the public key from the CA cert [Scheme: RSA, Key Size: 2048]
Aug 21 16:34:56 openxkpi kernel: [1636827.712629] ocspd[28061]: segfault at 81 ip 00007f2bab342fb0 sp 00007ffd2b80edf0 error 4 in libcrypto.so.1.1[7f2bab2ae000+266000]
If I use start I also get another segfault
root@openxkpi:/usr/etc/ocspd/ca.d# /usr/etc/init.d/ocspd start
Starting OCSP Responder: /usr/etc/init.d/ocspd : ligne 34 : 28069 Erreur de segmentation ${ocspd} -c "${conf}" -d
Error, check logs!
Aug 21 16:50:44 openxkpi ocspd[28079]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:50:44 openxkpi ocspd[28079]: Processing Configuration for [CA: ProductionMT]
Aug 21 16:50:44 openxkpi kernel: [1637776.371495] ocspd[28079]: segfault at 21 ip 00007fab7c483fb0 sp 00007ffd8bd8dc10 error 4 in libcrypto.so.1.1[7fab7c3ef000+266000]
I made the configuration, build and install again but still the same error.
Thanks
Raphaël
The text was updated successfully, but these errors were encountered: