Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

stunnel/openssl problems on Suse 10.0 x86_64

Discussion in 'General Discussion' started by kornaz, Jul 12, 2006.

  1. kornaz

    kornaz Member

    Joined:
    Aug 28, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    151
    # /usr/local/cpanel/startstunnel
    /usr/local/cpanel/3rdparty/bin/stunnel: error while loading shared libraries: libssl.so.4: cannot open shared object file: No such file or directory

    # rpm -qa | grep -i openssl
    openssl-32bit-0.9.7g-2.4
    openssl-0.9.7g-2.4
    openssl-devel-0.9.7g-2.2

    # ls -la /usr/lib64 | grep -i libssl
    -rw-r--r-- 1 root root 434878 Oct 14 2005 libssl.a
    lrwxrwxrwx 1 root root 11 Jul 11 22:21 libssl.so -> libssl.so.0
    lrwxrwxrwx 1 root root 15 Jul 8 15:26 libssl.so.0 -> libssl.so.0.9.7
    -r-xr-xr-x 1 root root 221720 Jul 8 15:26 libssl.so.0.9.7

    And BTW, symlinking doesnt do the trick:

    Jul 12 14:17:33 alpha kernel: stunnel[7763]: segfault at 0000000000000020 rip 00002aaaab013416 rsp 00000000400100b8 error 4

    Any ideas?
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You'll probably have to log a support ticket with cPanel through your license provider and have them take a look.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. kornaz

    kornaz Member

    Joined:
    Aug 28, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    151
    We've reported this, but it seems that I solved the problem. Quite a dirty hack, but works so far:

    1) Install official Suse 10.0 x86_64 stunnel package
    2) cd /usr/local/cpanel/3rdparty/bin
    3) mv stunnel stunnel.old
    4) ln -s /usr/sbin/stunnel stunnel

    Now let's try to start it:

    # /usr/local/cpanel/startstunnel
    2006.07.13 01:14:28 LOG5[3288:46912509762304]: Could not load DH parameters from /usr/local/cpanel/etc/cpanel.pem
    2006.07.13 01:14:28 LOG4[3288:46912509762304]: Diffie-Hellman initialization failed
    2006.07.13 01:14:28 LOG3[3288:46912509762304]: Error reading certificate file: /usr/local/cpanel/etc/cpanel.pem
    2006.07.13 01:14:28 LOG3[3288:46912509762304]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

    Luckily, google gave me quick a answer to this problem:

    -------
    When running as server the new version of stunnel requires not only the certificate and the primary key in the PEM file but also initialisation parameters for the Diffie-Hellman algorithm.

    The following command will create the missing DH parameters that need to be appended to the existing PEM file:

    dd if=/dev/urandom count=2 | openssl dhparam -rand - 512
    -------

    So I got this:

    -----BEGIN DH PARAMETERS-----
    <skipped>
    -----END DH PARAMETERS-----

    and appended it to /usr/local/cpanel/etc/cpanel.pem file.

    /usr/local/cpanel/startstunnel executed OK, process is up and running and accepting connections fine:

    # ps aux | grep stunnel
    cpanel 3495 0.0 0.1 16276 2436 ? Ss 01:19 0:00 /usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice