pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: certbot segfaulting when invoked for renewing certificates
----- Le 11 Déc 16, à 19:11, coypu%SDF.ORG@localhost a écrit :
> On Sun, Dec 11, 2016 at 10:01:24AM +0100, Gabriele Svelto wrote:
>> Hello all,
>> I've got certbot installed (from pkgsrc's trunk, so version 0.9.3) and
>> I'm using it automatically to renew certificates on my machine. However
>> since the last couple of days it's consistently segfaulting when invoked
>> with the 'renew' command.
>>
>> The bottom of the stack trace I get for the segfault looks like this:
>>
>> #0 0x00007f7ff7e13fc0 in ?? ()
>> #1 0x00007f7ff0f4dd09 in internal_verify () from
>> /usr/pkg/lib/libcrypto.so.1.0.0
>> #2 0x00007f7ff0f4fb9e in X509_verify_cert () from
>> /usr/pkg/lib/libcrypto.so.1.0.0
>> #3 0x00007f7ff1444778 in ssl_verify_cert_chain () from
>> /usr/pkg/lib/libssl.so.1.0.0
>> #4 0x00007f7ff14203fc in ssl3_get_server_certificate () from
>> /usr/pkg/lib/libssl.so.1.0.0
>> #5 0x00007f7ff142505e in ssl3_connect () from /usr/pkg/lib/libssl.so.1.0.0
>> #6 0x00007f7ff142e61e in ssl23_connect () from /usr/pkg/lib/libssl.so.1.0.0
>> #7 0x00007f7feee59679 in _cffi_f_SSL_do_handshake () from
>> /usr/pkg/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so
>> #8 0x00007f7ff78e04e4 in PyEval_EvalFrameEx () from
>> /usr/pkg/lib/libpython2.7.so.1.0
>>
>> I'm using pkgsrc's openssl BTW. I've found another thread about this but
>> no solution. Does anybody know what's going on? This has been working
>> properly for months so I'm not sure what changed.
>>
>> Gabriele
>
> Last time it was discussed, someone created a reduced case and said removing
> security/py-ndg_httpsclient fixed the problem for the reduced case.
>
> OpenSSL had some vulnerability where they opted to disable SSLv2, and at least
> in netbsd-7 (I think in openssl too) the update was done such that the symbol
> still exists, but calling the function returns an error and something in python
> is not checking for error and tripping over itself.
>
> Discussion here:
> http://mail-index.netbsd.org/pkgsrc-users/2016/11/09/msg023932.html
Hi,
you can also have a look at pkg/51490 : https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51490
In case it helps someone going further, devel/py-cffi 1.9.1 did not solve the problem.
Also, security/py-acme depends on security/py-ndg_httpsclient.
Regards,
Nils
Home |
Main Index |
Thread Index |
Old Index