[Pkg-openssl-devel] libssl0.9.8

Stefan Hornburg racke at linuxia.de
Mon Oct 24 20:21:45 UTC 2005 

Hello, openssl Debian maintainers !

There is a severe problem with current courier-imap-ssl and courier-pop-ssl packages
in testing/sid, see bugs #334920, #335512, #333896. The previous packages (built
against libssl0.9.7) worked just fine, so it looks like some problem with libssl0.9.8.

An user investigated further, and his strace shows couriertls for libz.so:

  [pid  2312] access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/i686/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or 
directory)
[pid  2312] stat64("/lib/tls/i686/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/i686/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/tls/i686/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/i686/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/tls/i686/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/i686/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/tls/i686", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/tls/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/tls/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/tls/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/tls/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  2312] open("/lib/i686/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/i686/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/i686/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/i686/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/i686/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/i686/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/i686/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/i686", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/lib/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/lib", {st_mode=S_IFDIR|0755, st_size=8192, ...}) = 0
[pid  2312] open("/usr/lib/tls/i686/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or 
directory)
[pid  2312] stat64("/usr/lib/tls/i686/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or 
directory)
[pid  2312] open("/usr/lib/tls/i686/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/tls/i686/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/tls/i686/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/tls/i686/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/tls/i686/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/tls/i686/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/tls/i686", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/tls/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/tls/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/tls/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/tls/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/tls/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/tls/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/tls/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/tls", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/i686/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or 
directory)
[pid  2312] stat64("/usr/lib/i686/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/i686/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/i686/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/i686/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/i686/cmov", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  2312] open("/usr/lib/i686/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  2312] open("/usr/lib/sse2/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/sse2/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/sse2/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/sse2", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/cmov/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib/cmov", 0xbfffeca0) = -1 ENOENT (No such file or directory)
[pid  2312] open("/usr/lib/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  2312] stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=8192, ...}) = 0
[pid  2312] munmap(0x40018000, 13577)   = 0
[pid  2312] getpid()                    = 2312
[pid  2312] open("/var/lib/courier/couriersslcache", O_RDWR|O_CREAT, 0600) = 3
[pid  2312] read(3, "\0\0\10\0\235\220\6\0]\377\7\0\0\0\0\0", 16) = 16
[pid  2312] access("/etc/courier/pop3d.pem.83.149.98.54", R_OK) = -1 ENOENT (No such file or 
directory)
[pid  2312] open("/etc/courier/pop3d.pem", O_RDONLY|O_LARGEFILE) = 4
[pid  2312] fstat64(4, {st_mode=S_IFREG|0600, st_size=2190, ...}) = 0
[pid  2312] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
[pid  2312] read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 2190
[pid  2312] close(4)                    = 0
[pid  2312] munmap(0x40018000, 4096)    = 0
[pid  2312] write(2, "couriertls: /etc/courier/pop3d.p"..., 117) = 117
[pid  2312] close(3)                    = 0
[pid  2312] exit_group(1)               = ?

He claimed that he traced down this problem to the following function:

static int process_rsacertfile(SSL_CTX *ctx, const char *filename)
{
#ifndef NO_RSA

         const struct tls_info *info=SSL_CTX_get_app_data(ctx);

         SSL_CTX_set_tmp_rsa_callback(ctx, rsa_callback);

         if(!SSL_CTX_use_certificate_chain_file(ctx, filename))
         {
                 sslerror(info, filename, -1);
                 return (0);
         }

         if(!SSL_CTX_use_RSAPrivateKey_file(ctx, filename, SSL_FILETYPE_PEM))
         {
                 sslerror(info, filename, -1);
                 return (0);
         }
#endif
         return (1);
}

[tcpd/libcouriertls.c]

I think it's not going to be a courier issue per se but a problem with openssl
libs. It seems it's failing while validating the rsacert. This is my actual
error line:

Oct 23 07:31:36 synapsis pop3d-ssl: couriertls: /etc/courier/pop3d.pem: error:25066067:DSO 
support routines:DLFCN_LOAD:could
not load the shared library

ergosum at synapsis:~$ dpkg -l | grep ssl
ii  courier-mta-ssl              0.47-11               Courier Mail Server - ESMTP over SSL
ii  courier-pop-ssl              0.47-11               Courier Mail Server - POP3 over SSL
ii  courier-ssl                  0.47-11               Courier Mail Server - SSL/TLS Support
ii  libssl-dev                   0.9.8a-2              SSL development libraries, header files and
ii  libssl0.9.7                  0.9.7g-5              SSL shared libraries
ii  libssl0.9.8                  0.9.8a-2              SSL shared libraries
ii  openssl                      0.9.8a-2              Secure Socket Layer (SSL) binary and related
ii  ssl-cert                     1.0-11                Simple debconf wrapper for openssl

Please let me know how I can fix this problem.

Bye
	Racke

More information about the Pkg-openssl-devel mailing list