pkgsrc-Users archive


Re: certbot segfaulting when invoked for renewing certificates




----- On 11 Dec 16, at 19:11, coypu%SDF.ORG@localhost wrote:

> On Sun, Dec 11, 2016 at 10:01:24AM +0100, Gabriele Svelto wrote:
>>  Hello all,
>> I've got certbot installed (from pkgsrc's trunk, so version 0.9.3) and
>> I'm using it automatically to renew certificates on my machine. However
>> since the last couple of days it's consistently segfaulting when invoked
>> with the 'renew' command.
>> 
>> The bottom of the stack trace I get for the segfault looks like this:
>> 
>> #0  0x00007f7ff7e13fc0 in ?? ()
>> #1  0x00007f7ff0f4dd09 in internal_verify () from
>> /usr/pkg/lib/libcrypto.so.1.0.0
>> #2  0x00007f7ff0f4fb9e in X509_verify_cert () from
>> /usr/pkg/lib/libcrypto.so.1.0.0
>> #3  0x00007f7ff1444778 in ssl_verify_cert_chain () from
>> /usr/pkg/lib/libssl.so.1.0.0
>> #4  0x00007f7ff14203fc in ssl3_get_server_certificate () from
>> /usr/pkg/lib/libssl.so.1.0.0
>> #5  0x00007f7ff142505e in ssl3_connect () from /usr/pkg/lib/libssl.so.1.0.0
>> #6  0x00007f7ff142e61e in ssl23_connect () from /usr/pkg/lib/libssl.so.1.0.0
>> #7  0x00007f7feee59679 in _cffi_f_SSL_do_handshake () from
>> /usr/pkg/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so
>> #8  0x00007f7ff78e04e4 in PyEval_EvalFrameEx () from
>> /usr/pkg/lib/libpython2.7.so.1.0
>> 
>> I'm using pkgsrc's openssl BTW. I've found another thread about this but
>> no solution. Does anybody know what's going on? This has been working
>> properly for months so I'm not sure what changed.
>> 
>>  Gabriele
> 
> Last time it was discussed, someone created a reduced case and said removing
> security/py-ndg_httpsclient fixed the problem for the reduced case.
> 
> OpenSSL had some vulnerability where they opted to disable SSLv2, and at least
> in netbsd-7 (I think in openssl too) the update was done such that the symbol
> still exists, but calling the function returns an error and something in python
> is not checking for error and tripping over itself.
> 
> Discussion here:
> http://mail-index.netbsd.org/pkgsrc-users/2016/11/09/msg023932.html

Hi,

You can also have a look at pkg/51490: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51490

In case it helps someone going further, devel/py-cffi 1.9.1 did not solve the problem.
Also, security/py-acme depends on security/py-ndg_httpsclient.

Regards,

Nils

