From: Andrei M. - I. <and...@iv...> - 2011-02-10 12:10:42
|
Hello, I installed ipsec-tools 0.7.3 on FreeBSD with Openssl 1.0.0 and the racoond crashes seconds after tunnel is established. A backtrace on the core file: (gdb) backtrace #0 0x2818a7da in BN_num_bits () from /usr/local/lib/libcrypto.so.7 #1 0x280cedc9 in elf_hash () from /libexec/ld-elf.so.1 #2 0x0808d324 in eay_get_x509sign (src=0x80ea320, privkey=0x80ea390) at crypto_openssl.c:1050 #3 0x0808282b in oakley_getsign (iph1=0x80df600) at oakley.c:1819 #4 0x0805b3a5 in ident_ir3mx (iph1=0x80df600) at isakmp_ident.c:1854 #5 0x080594c7 in ident_i3send (iph1=0x80df600, msg0=0x80ea120) at isakmp_ident.c:655 #6 0x0804f111 in ph1_main (iph1=0x80df600, msg=0x80ea120) at isakmp.c:837 #7 0x0804e83d in isakmp_main (msg=0x80ea120, remote=0xbfbfe640, local=0xbfbfe5c0) at isakmp.c:607 #8 0x0804e121 in isakmp_handler (so_isakmp=7) at isakmp.c:376 #9 0x0804ccb3 in session () at session.c:219 #10 0x0804c6b2 in main (ac=2, av=0xbfbfec8c) at main.c:270 # ldd `which racoon` /usr/local/sbin/racoon: libipsec.so.0 => /usr/local/lib/libipsec.so.0 (0x28102000) libutil.so.5 => /lib/libutil.so.5 (0x28111000) libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x2811e000) libreadline.so.6 => /lib/libreadline.so.6 (0x28290000) libcrypt.so.3 => /lib/libcrypt.so.3 (0x282c9000) libpam.so.3 => /usr/lib/libpam.so.3 (0x282ed000) libc.so.6 => /lib/libc.so.6 (0x282f5000) libncurses.so.6 => /lib/libncurses.so.6 (0x2840d000) And also from racoon in foreground: 2011-02-10 13:37:35: DEBUG: created CERT payload: 2011-02-10 13:37:35: DEBUG: ... output ommited... 2011-02-10 13:37:35: DEBUG: filename: /usr/local/etc/racoon/cert/private.key 2011-02-10 13:37:35: DEBUG2: private key: 2011-02-10 13:37:35: DEBUG2: ... output ommited... Segmentation fault: 11 (core dumped) P.S.: CRT file is self signed. All certificates were generated with 2004 openssl instead of 2010 one, but this shouldn't be a problem, should it ? Seems that racoon only works with 2004 Openssl. Is there anyone who managed to make it work with recent versions or should I just stick to the old libcrypto ? Thanks in advance. -- Regards, Andrei Manescu |