Hi,
I am trying to install and use the OCSPD responder. I compiled the latest stable version of OpenSSL. I have the version from the Debian package installed:
root@openxkpi:/usr/etc/ocspd/certs# /usr/local/bin/openssl version
OpenSSL 1.1.0i 14 Aug 2018
root@openxkpi:/usr/etc/ocspd/certs# /usr/bin/openssl version
OpenSSL 1.0.1t 3 May 2016
I compiled libpki and ocspd on a Debian 8.11 server.
I downloaded the latest versions of libpki and ocspd from GitHub (as I had compilation errors with the versions from the OpenCA web site).
XML2 library Configuration:
XML2 prefix ..........: /usr
XML2 Compiler Flags ..: -I/usr/include/libxml2
XML2 Linker ..........: -L/usr/lib64
XML2 Libs ............: -lxml2
LDAP Configuration:
LDAP support .........: yes
LDAP Vendor ..........: OPENLDAP
LDAP prefix ..........:
LDAP Compiler Flags ..:
LDAP libs prefix .....:
LDAP Linker ..........:
LDAP libs ............: -lldap_r
OpenSSL Configuration:
Library ..............: OpenSSL
Prefix ...............: /usr
Compiler Flags .......: -I/usr/local/include -DENABLE_ECDSA=1
Linker Flags .........:
libs .................: -L/usr/local/lib -lssl -lcrypto
Support for ECDSA ....: yes
Configuration for libpki 0.8.9 :
Architecture .........: linux (64 bits)
Host System Type .....: x86_64-pc-linux-gnu
Supported URLs .......: file http https ldap dns
Library Version ......: v = 89, r = 89, a = 1
Install lib path .....: /usr/lib64
Install path .........: /usr
Compiler Flags .......: -I/usr/include -g -O2 -fstack-check -maccumulate-outgoing-args -Werror -Wfatal-errors -Wunused-variable -I/usr/local/include -DENABLE_ECDSA=1 -I/usr/include/libxml2
Linker Flags .........: -L/usr/lib64 -L/usr/lib64 -Wl,-rpath -Wl,"/usr/lib64"
Libs .................: -lpthread -ldl -lrt -lldap_r -L/usr/local/lib -lssl -lcrypto -lxml2 -lresolv
Package configured for: Debian 8 (x86_64)
Now type 'make' to build libpki 0.8.9, and then 'make install' for installation.
Configuration for openca-ocspd 3.1.2 :
Install Prefix .......: /usr
Host System Type .....: x86_64-unknown-linux-gnu
Install path .........: /usr
Preprocessor .........: gcc
Compiler .............: gcc -g -O2 -fstack-check -maccumulate-outgoing-args -Werror -Wfatal-errors -I/usr/include -I/usr/local/include -DENABLE_ECDSA=1 -I/usr/include/libxml2
Linker ...............: gcc -lnsl -L/usr/lib64 -L/usr/local/lib -lssl -lcrypto -L/usr/lib64 -lpthread -Wl,-rpath -Wl,/usr/lib64 -lpki
/usr/etc/init.d/ocspd start-debug
Aug 21 16:13:08 openxkpi ocspd[22059]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/collegeca.xml
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/collegeca.xml file
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file mt.xml.bak
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file .
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file ca-mt-lan.crt
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file ca-prod-lan.crt
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/prod.xml
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/prod.xml file
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:866] [DEBUG] Skipping file ..
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/self-certs.xml
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/self-certs.xml file
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/security/chrootDir, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [config.c:277] [DEBUG] Selected response digest algorithm: SHA1
Aug 21 16:13:08 openxkpi ocspd[22059]: [config.c:298] [DEBUG] Selected signature digest algorithm: SHA256
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbUrl, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbPersistant, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [config.c:394] [DEBUG] Building CA List
Aug 21 16:13:08 openxkpi ocspd[22059]: Processing Configuration for [CA: Dartmouth]
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
Aug 21 16:13:08 openxkpi ocspd[22059]: [pki_socket.c:105] [DEBUG] Creating a SECURE connection (SSL/TLS)
I configured a minimal install following : https://wiki.lacavernedemanu.fr/doku.php?id=wiki:systeme:openssl:install_ca (the ocspd part).
Then when I start the ocspd server I get a segfault :
/usr/etc/init.d/ocspd start-debug
Starting OCSP Responder (Debug Mode): /usr/etc/init.d/ocspd : ligne 34 : 28061 Erreur de segmentation ${ocspd} -c "${conf}" -d -v -debug
Error, check logs!
Done.
/usr/etc/init.d/ocspd status
OCSP Responder is stopped.
and in the logs I get :
Aug 21 16:34:56 openxkpi ocspd[28061]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:866] [DEBUG] Skipping file .
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:876] [DEBUG] Loading file /usr/etc/ocspd/ca.d/prod.xml
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:892] [DEBUG] Loaded /usr/etc/ocspd/ca.d/prod.xml file
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:866] [DEBUG] Skipping file ..
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/security/chrootDir, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:277] [DEBUG] Selected response digest algorithm: SHA1
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:298] [DEBUG] Selected signature digest algorithm: SHA256
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbUrl, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbPersistant, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:394] [DEBUG] Building CA List
Aug 21 16:34:56 openxkpi ocspd[28061]: Processing Configuration for [CA: ProductionMT]
Aug 21 16:34:56 openxkpi ocspd[28061]: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:623] [DEBUG] CRL Downloading Process Started [CA: ProductionMT, URL: /var/www/html/caprod.crt]
Aug 21 16:34:56 openxkpi ocspd[28061]: [config.c:837] [DEBUG] CRL loaded successfully [URL: /var/www/html/caprod.crt]
Aug 21 16:34:56 openxkpi ocspd[28061]: [crl.c:213] [DEBUG] Got the public key from the CA cert [Scheme: RSA, Key Size: 2048]
Aug 21 16:34:56 openxkpi kernel: [1636827.712629] ocspd[28061]: segfault at 81 ip 00007f2bab342fb0 sp 00007ffd2b80edf0 error 4 in libcrypto.so.1.1[7f2bab2ae000+266000]
If I use start I also get another segfault
root@openxkpi:/usr/etc/ocspd/ca.d# /usr/etc/init.d/ocspd start
Starting OCSP Responder: /usr/etc/init.d/ocspd : ligne 34 : 28069 Erreur de segmentation ${ocspd} -c "${conf}" -d
Error, check logs!
Aug 21 16:50:44 openxkpi ocspd[28079]: OpenCA OCSPD v3.1.2 (Tue Aug 21 16:09:55 CEST 2018)- starting.
Aug 21 16:50:44 openxkpi ocspd[28079]: Processing Configuration for [CA: ProductionMT]
Aug 21 16:50:44 openxkpi kernel: [1637776.371495] ocspd[28079]: segfault at 21 ip 00007fab7c483fb0 sp 00007ffd8bd8dc10 error 4 in libcrypto.so.1.1[7fab7c3ef000+266000]
I made the configuration, build and install again but still the same error.
Thanks
Raphaël
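
The following triage script is an added example, not part of the original post or of the OpenCA code. It parses the two kernel segfault lines quoted in the post, decodes the x86 page-fault error code and computes the offset of the faulting instruction inside libcrypto.so.1.1, so the two crashes can be compared despite address randomization. The function names are illustrative.

```python
import re

# The two kernel lines, copied from the logs quoted in the post.
KERNEL_LINES = [
    "Aug 21 16:34:56 openxkpi kernel: [1636827.712629] ocspd[28061]: segfault at 81 ip 00007f2bab342fb0 sp 00007ffd2b80edf0 error 4 in libcrypto.so.1.1[7f2bab2ae000+266000]",
    "Aug 21 16:50:44 openxkpi kernel: [1637776.371495] ocspd[28079]: segfault at 21 ip 00007fab7c483fb0 sp 00007ffd8bd8dc10 error 4 in libcrypto.so.1.1[7fab7c3ef000+266000]",
]

# Every numeric field in this kernel message is hexadecimal.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits reported after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not mapped",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def triage(line):
    """Return a dict describing one segfault line, or None if it is not one."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    report = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
              "near_null": addr < 0x1000,  # heuristic: address in the first page
              "module": m["module"], "offset": None, **decode_error(err)}
    if m["module"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:       # ip must lie inside the mapping
            report["offset"] = ip - base   # load-address independent
    return report

def crash_sites(lines):
    """Distinct (module, offset) pairs; a single pair means one crash site."""
    reports = filter(None, map(triage, lines))
    return {(r["module"], r["offset"]) for r in reports if r["offset"] is not None}

if __name__ == "__main__":
    for r in filter(None, map(triage, KERNEL_LINES)):
        print(r["comm"], r["pid"], r["module"], hex(r["offset"]),
              r["mode"], r["access"], r["cause"], hex(r["fault_addr"]))
    print("distinct crash sites:", crash_sites(KERNEL_LINES))
```

Both lines resolve to the same offset in libcrypto.so.1.1, reached by a user-mode read of an unmapped address in the first page. With symbols available, `addr2line -f -e <path to libcrypto.so.1.1> <offset>` maps that offset to a function; the library path depends on the installation.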