[Ipsec-tools-devel] Racoon daemon crashes when using recent openssl (2009/2010)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello, 

I installed ipsec-tools 0.7.3 on FreeBSD with Openssl 1.0.0 and
the racoond crashes seconds after tunnel is established. 

A backtrace on
the core file: 

(gdb) backtrace 

#0 0x2818a7da in BN_num_bits () from
/usr/local/lib/libcrypto.so.7 

#1 0x280cedc9 in elf_hash () from
/libexec/ld-elf.so.1 

#2 0x0808d324 in eay_get_x509sign (src=0x80ea320,
privkey=0x80ea390) at crypto_openssl.c:1050 

#3 0x0808282b in
oakley_getsign (iph1=0x80df600) at oakley.c:1819 

#4 0x0805b3a5 in
ident_ir3mx (iph1=0x80df600) at isakmp_ident.c:1854 

#5 0x080594c7 in
ident_i3send (iph1=0x80df600, msg0=0x80ea120) at isakmp_ident.c:655 

#6
0x0804f111 in ph1_main (iph1=0x80df600, msg=0x80ea120) at isakmp.c:837 

#7
0x0804e83d in isakmp_main (msg=0x80ea120, remote=0xbfbfe640,
local=0xbfbfe5c0) at isakmp.c:607 

#8 0x0804e121 in isakmp_handler
(so_isakmp=7) at isakmp.c:376 

#9 0x0804ccb3 in session () at
session.c:219 

#10 0x0804c6b2 in main (ac=2, av=0xbfbfec8c) at main.c:270 
 # ldd `which racoon`  /usr/local/sbin/racoon:  libipsec.so.0 =>
/usr/local/lib/libipsec.so.0 (0x28102000)  libutil.so.5 =>
/lib/libutil.so.5 (0x28111000)  libcrypto.so.7 =>
/usr/local/lib/libcrypto.so.7 (0x2811e000)  libreadline.so.6 =>
/lib/libreadline.so.6 (0x28290000)  libcrypt.so.3 => /lib/libcrypt.so.3
(0x282c9000)  libpam.so.3 => /usr/lib/libpam.so.3 (0x282ed000)  libc.so.6
=> /lib/libc.so.6 (0x282f5000)  libncurses.so.6 => /lib/libncurses.so.6
(0x2840d000)   And also from racoon in foreground:  2011-02-10 13:37:35:
DEBUG: created CERT payload: 2011-02-10 13:37:35: DEBUG:  ... output
ommited...   2011-02-10 13:37:35: DEBUG: filename:
/usr/local/etc/racoon/cert/private.key 2011-02-10 13:37:35: DEBUG2: private
key: 2011-02-10 13:37:35: DEBUG2:   ... output ommited... Segmentation
fault: 11 (core dumped)  P.S.: CRT file is self signed. All certificates
were generated with 2004 openssl instead of 2010 one, but this shouldn't be
a problem, should it ?  Seems that racoon only works with 2004 Openssl. Is
there anyone who managed to make it work with recent versions or should I
just stick to the old libcrypto ?  Thanks in advance.   

--

Regards,
Andrei Manescu