The Community Forums


stunnel/openssl problems on Suse 10.0 x86_64

Discussion in 'General Discussion' started by kornaz, Jul 12, 2006.

  1. kornaz

    # /usr/local/cpanel/startstunnel
    /usr/local/cpanel/3rdparty/bin/stunnel: error while loading shared libraries: libssl.so.4: cannot open shared object file: No such file or directory

    # rpm -qa | grep -i openssl
    openssl-32bit-0.9.7g-2.4
    openssl-0.9.7g-2.4
    openssl-devel-0.9.7g-2.2

    # ls -la /usr/lib64 | grep -i libssl
    -rw-r--r-- 1 root root 434878 Oct 14 2005 libssl.a
    lrwxrwxrwx 1 root root 11 Jul 11 22:21 libssl.so -> libssl.so.0
    lrwxrwxrwx 1 root root 15 Jul 8 15:26 libssl.so.0 -> libssl.so.0.9.7
    -r-xr-xr-x 1 root root 221720 Jul 8 15:26 libssl.so.0.9.7

    And BTW, symlinking doesn't do the trick:

    Jul 12 14:17:33 alpha kernel: stunnel[7763]: segfault at 0000000000000020 rip 00002aaaab013416 rsp 00000000400100b8 error 4

    Any ideas?
     
  2. chirpy

    You'll probably have to log a support ticket with cPanel through your license provider and have them take a look.
     
  3. kornaz

    We've reported this, but it seems that I solved the problem. Quite a dirty hack, but works so far:

    1) Install official Suse 10.0 x86_64 stunnel package
    2) cd /usr/local/cpanel/3rdparty/bin
    3) mv stunnel stunnel.old
    4) ln -s /usr/sbin/stunnel stunnel

    Now let's try to start it:

    # /usr/local/cpanel/startstunnel
    2006.07.13 01:14:28 LOG5[3288:46912509762304]: Could not load DH parameters from /usr/local/cpanel/etc/cpanel.pem
    2006.07.13 01:14:28 LOG4[3288:46912509762304]: Diffie-Hellman initialization failed
    2006.07.13 01:14:28 LOG3[3288:46912509762304]: Error reading certificate file: /usr/local/cpanel/etc/cpanel.pem
    2006.07.13 01:14:28 LOG3[3288:46912509762304]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

    Luckily, Google gave me a quick answer to this problem:

    -------
    When running as server the new version of stunnel requires not only the certificate and the primary key in the PEM file but also initialisation parameters for the Diffie-Hellman algorithm.

    The following command will create the missing DH parameters that need to be appended to the existing PEM file:

    dd if=/dev/urandom count=2 | openssl dhparam -rand - 512
    -------

    So I got this:

    -----BEGIN DH PARAMETERS-----
    <skipped>
    -----END DH PARAMETERS-----

    and appended it to /usr/local/cpanel/etc/cpanel.pem file.

    /usr/local/cpanel/startstunnel executed OK, process is up and running and accepting connections fine:

    # ps aux | grep stunnel
    cpanel 3495 0.0 0.1 16276 2436 ? Ss 01:19 0:00 /usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
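
An added example, not part of the thread or of cPanel's or stunnel's code: a Python check that inventories the blocks in a combined server PEM file (private key, certificate, DH parameters, as the quoted note describes) and reports the size of the DH prime. The function names, the 2048-bit floor and the sample PEM are assumptions made for this example; the sample's "prime" is a constructed number, not a real one.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def _tlv(tag, content):
    """DER tag-length-value; used only to build the constructed sample."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + content

def sample_pem(p_bits):
    """Constructed sample: placeholder cert/key bodies; p is NOT a real prime."""
    ints = b"".join(_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (p_bits - 1)) | 1, 2))
    blocks = {"RSA PRIVATE KEY": "AAAA", "CERTIFICATE": "AAAA",
              "DH PARAMETERS": base64.b64encode(_tlv(0x30, ints)).decode()}
    return "".join(f"-----BEGIN {k}-----\n{v}\n-----END {k}-----\n" for k, v in blocks.items())

def _read_len(der, i):
    """Decode the DER length at der[i]; return (length, index of the content)."""
    if der[i] < 0x80:
        return der[i], i + 1
    n = der[i] & 0x7F
    return int.from_bytes(der[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_bits(der):
    """Bit length of p in PKCS#3 DHParameter ::= SEQUENCE { p INTEGER, g INTEGER }."""
    if der[:1] != b"\x30":
        raise ValueError("not a DER SEQUENCE")
    _, i = _read_len(der, 1)
    if der[i] != 0x02:
        raise ValueError("expected INTEGER for p")
    n, i = _read_len(der, i + 1)
    return int.from_bytes(der[i:i + n], "big").bit_length()

def inspect_pem(text, min_dh_bits=2048):  # 2048 is an assumed policy floor
    """Return (block labels, DH prime bits or None, findings) for a server PEM."""
    labels, dh_bits = [], None
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        if label == "DH PARAMETERS":
            dh_bits = dh_prime_bits(base64.b64decode("".join(body.split())))
    findings = [f"no {want} block" for want, ok in (
        ("CERTIFICATE", "CERTIFICATE" in labels),
        ("PRIVATE KEY", any(l.endswith("PRIVATE KEY") for l in labels)),
        ("DH PARAMETERS", dh_bits is not None)) if not ok]
    if dh_bits is not None and dh_bits < min_dh_bits:
        findings.append(f"DH prime is {dh_bits} bits, below {min_dh_bits}")
    return labels, dh_bits, findings
```

Calling `inspect_pem(open(path).read())` on a combined PEM file returns the findings list; with the default floor, parameters of the 512-bit size used in the quoted command are reported as undersized.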
     