pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: certbot segfaulting when invoked for renewing certificates

On Sun, Dec 11, 2016 at 10:01:24AM +0100, Gabriele Svelto wrote:
>  Hello all,
> I've got certbot installed (from pkgsrc's trunk, so version 0.9.3) and
> I'm using it automatically to renew certificates on my machine. However
> since the last couple of days it's consistently segfaulting when invoked
> with the 'renew' command.
> The bottom of the stack trace I get for the segfault looks like this:
> #0  0x00007f7ff7e13fc0 in ?? ()
> #1  0x00007f7ff0f4dd09 in internal_verify () from
> /usr/pkg/lib/
> #2  0x00007f7ff0f4fb9e in X509_verify_cert () from
> /usr/pkg/lib/
> #3  0x00007f7ff1444778 in ssl_verify_cert_chain () from
> /usr/pkg/lib/
> #4  0x00007f7ff14203fc in ssl3_get_server_certificate () from
> /usr/pkg/lib/
> #5  0x00007f7ff142505e in ssl3_connect () from /usr/pkg/lib/
> #6  0x00007f7ff142e61e in ssl23_connect () from /usr/pkg/lib/
> #7  0x00007f7feee59679 in _cffi_f_SSL_do_handshake () from
> /usr/pkg/lib/python2.7/site-packages/cryptography/hazmat/bindings/
> #8  0x00007f7ff78e04e4 in PyEval_EvalFrameEx () from
> /usr/pkg/lib/
> I'm using pkgsrc's openssl BTW. I've found another thread about this but
> no solution. Does anybody know what's going on? This has been working
> properly for months so I'm not sure what changed.
>  Gabriele

Last time it was discussed, someone created a reduced case and said removing security/py-ndg_httpsclient fixed the problem for the reduced case.

OpenSSL had some vulnerability where they opted to disable SSLv2, and at least in netbsd-7 (I think in openssl too) the update was done such that the symbol still exists, but calling the function returns an error and something in python is not checking for error and tripping over itself.

Discussion here:

Home | Main Index | Thread Index | Old Index