stunnel/openssl problems on Suse 10.0 x86_64

kornaz

Member
Aug 28, 2005
13
0
151
# /usr/local/cpanel/startstunnel
/usr/local/cpanel/3rdparty/bin/stunnel: error while loading shared libraries: libssl.so.4: cannot open shared object file: No such file or directory

# rpm -qa | grep -i openssl
openssl-32bit-0.9.7g-2.4
openssl-0.9.7g-2.4
openssl-devel-0.9.7g-2.2

# ls -la /usr/lib64 | grep -i libssl
-rw-r--r-- 1 root root 434878 Oct 14 2005 libssl.a
lrwxrwxrwx 1 root root 11 Jul 11 22:21 libssl.so -> libssl.so.0
lrwxrwxrwx 1 root root 15 Jul 8 15:26 libssl.so.0 -> libssl.so.0.9.7
-r-xr-xr-x 1 root root 221720 Jul 8 15:26 libssl.so.0.9.7

And BTW, symlinking doesn't do the trick:

Jul 12 14:17:33 alpha kernel: stunnel[7763]: segfault at 0000000000000020 rip 00002aaaab013416 rsp 00000000400100b8 error 4

Any ideas?
 

kornaz

We've reported this, but it seems that I solved the problem. Quite a dirty hack, but works so far:

1) Install official Suse 10.0 x86_64 stunnel package
2) cd /usr/local/cpanel/3rdparty/bin
3) mv stunnel stunnel.old
4) ln -s /usr/sbin/stunnel stunnel

Now let's try to start it:

# /usr/local/cpanel/startstunnel
2006.07.13 01:14:28 LOG5[3288:46912509762304]: Could not load DH parameters from /usr/local/cpanel/etc/cpanel.pem
2006.07.13 01:14:28 LOG4[3288:46912509762304]: Diffie-Hellman initialization failed
2006.07.13 01:14:28 LOG3[3288:46912509762304]: Error reading certificate file: /usr/local/cpanel/etc/cpanel.pem
2006.07.13 01:14:28 LOG3[3288:46912509762304]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

Luckily, Google gave me a quick answer to this problem:

-------
When running as server the new version of stunnel requires not only the certificate and the primary key in the PEM file but also initialisation parameters for the Diffie-Hellman algorithm.

The following command will create the missing DH parameters that need to be appended to the existing PEM file:

dd if=/dev/urandom count=2 | openssl dhparam -rand - 512
-------

So I got this:

-----BEGIN DH PARAMETERS-----
<skipped>
-----END DH PARAMETERS-----

and appended it to /usr/local/cpanel/etc/cpanel.pem file.

/usr/local/cpanel/startstunnel executed OK, process is up and running and accepting connections fine:

# ps aux | grep stunnel
cpanel 3495 0.0 0.1 16276 2436 ? Ss 01:19 0:00 /usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
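
The fix in the post above relies on cpanel.pem holding a certificate, a private key and a DH PARAMETERS block. The following Python check is an added example, not part of the original posts and not cPanel or stunnel code: it lists the PEM blocks in such a file and reads the DH prime size from the DER, so a missing block or a small group (512 bits, as the quoted command produces, falls under the threshold) is reported. The function names, the 2048-bit threshold and the sample PEM are assumptions made for the illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _der_len(buf, i):
    """Decode the DER length at buf[i]; return (length, offset of the content)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_bits(der):
    """Bit length of p in PKCS#3 DHParameter ::= SEQUENCE { INTEGER p, INTEGER g }."""
    _, i = _der_len(der, 1)
    if der[0] != 0x30 or der[i] != 0x02:
        raise ValueError("expected SEQUENCE starting with INTEGER p")
    n, i = _der_len(der, i + 1)
    return int.from_bytes(der[i:i + n], "big").bit_length()

def inspect_pem(text, min_dh_bits=2048):
    """Return (labels, dh_bits, problems) for a combined cert/key/DH PEM file."""
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    problems, dh_bits = [], None
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block")
    for body in (b for label, b in blocks if label == "DH PARAMETERS"):
        try:
            dh_bits = dh_prime_bits(base64.b64decode("".join(body.split())))
        except (ValueError, IndexError):
            problems.append("DH PARAMETERS block is not valid base64/DER")
    if "DH PARAMETERS" not in labels:
        problems.append("no DH PARAMETERS block")
    elif dh_bits is not None and dh_bits < min_dh_bits:
        problems.append(f"DH prime is {dh_bits} bits, below {min_dh_bits}")
    return labels, dh_bits, problems

# Constructed sample: placeholder cert/key bodies and a toy 64-bit DH group (g = 2).
TOY_DER = b"\x30\x0e\x02\x09\x00" + (2**64 - 59).to_bytes(8, "big") + b"\x02\x01\x02"
SAMPLE = ("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
          "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
          "-----BEGIN DH PARAMETERS-----\n" + base64.b64encode(TOY_DER).decode()
          + "\n-----END DH PARAMETERS-----\n")

if __name__ == "__main__":
    print(inspect_pem(SAMPLE))
```

To check a real file, pass its contents as `inspect_pem(open(path).read())`; only the block labels and the DH block are parsed, the certificate and key bodies are not decoded.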