OpenSSL Providers on FreeBSD 14 fail, can we have better error messages? #361

Closed
cron2 opened this issue Jul 7, 2023 · 4 comments

cron2 commented Jul 7, 2023

So this is on a FreeBSD 14 "current" build, about a week old sources (src commit 4ef3964b5f85f1, as of July 3).

OpenVPN complains on loading ossl 3 providers with

2023-07-07 13:55:34 OpenSSL: error:12800067:DSO support routines::could not load the shared library
2023-07-07 13:55:34 OpenSSL: error:12800067:DSO support routines::could not load the shared library
2023-07-07 13:55:34 OpenSSL: error:07880025:common libcrypto routines::reason(524325)
2023-07-07 13:55:34 failed to load provider 'legacy'
2023-07-07 13:55:34 Exiting due to fatal error

which is highly non-helpful.

OpenSSL itself prints

$ openssl list -provider legacy -providers
list: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
002061D751340000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_md4_functions"
002061D751340000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:152:
002061D751340000:error:07880025:common libcrypto routines:provider_init:reason(524325):/usr/src/crypto/openssl/crypto/provider_core.c:912:name=legacy

... so it seems something in the build was messed-up wrt dependencies between various libcrypto bits and pieces - but that's what this issue is about. It's about "can we make OpenVPN print the full OpenSSL error messages here?"...

cron2 commented Jul 7, 2023

It's not the usual "we do not have the full error stack" thing, more "we do have all (3) messages, but there is a --verbose flag missing"...?!

schwabe commented Jul 7, 2023

There is a new ERR_get_error_all in OpenSSL 3.0+ instead of just ERR_get_error that we currently use.

I will look into that when time permits
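
The difference between the two outputs quoted in this issue is the per-entry data string (plus file, line and function) that ERR_get_error_all returns and ERR_get_error does not. As an added example (not code from OpenVPN or OpenSSL), this parser splits the three `openssl list` queue entries quoted above and decodes the packed error code. `Entry`, `parse_entry`, `parse_queue` and `root_cause_hints` are hypothetical names, and the split assumes Unix paths and no colon in the reason text.

```python
from typing import List, NamedTuple, Optional

# Packed error-code layout used by OpenSSL 3.x (<openssl/err.h>).
ERR_LIB_OFFSET, ERR_LIB_MASK, ERR_REASON_MASK = 23, 0xFF, 0x7FFFFF

# The three queue entries printed by `openssl list` in this issue.
SAMPLE = '''\
002061D751340000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_md4_functions"
002061D751340000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:152:
002061D751340000:error:07880025:common libcrypto routines:provider_init:reason(524325):/usr/src/crypto/openssl/crypto/provider_core.c:912:name=legacy
'''

class Entry(NamedTuple):
    code: int      # packed code, e.g. 0x12800067
    lib: int       # library number decoded from the code
    reason: int    # reason number decoded from the code
    summary: str   # lib:func:reason text as printed
    where: str     # source file:line that raised the error
    data: str      # extra data string; empty when the entry has none

def parse_entry(line: str) -> Optional[Entry]:
    """Split one 'tid:error:code:lib:func:reason:file:line:data' line."""
    parts = line.strip().split(":", 8)   # the data field may itself contain ':'
    if len(parts) < 8 or parts[1] != "error":
        return None                      # hint/banner lines are not queue entries
    try:
        code = int(parts[2], 16)
    except ValueError:
        return None
    return Entry(code, (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK,
                 code & ERR_REASON_MASK, ":".join(parts[3:6]),
                 f"{parts[6]}:{parts[7]}", parts[8] if len(parts) > 8 else "")

def parse_queue(text: str) -> List[Entry]:
    """Parse every queue entry in a block of output, skipping other lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def root_cause_hints(entries: List[Entry]) -> List[str]:
    """Data strings in queue order: the detail the terse log lines lack."""
    return [e.data for e in entries if e.data]

if __name__ == "__main__":
    for e in parse_queue(SAMPLE):
        print(f"{e.code:08X} lib={e.lib} reason={e.reason} {e.where}")
        print(f"    data: {e.data or '(none)'}")
```

The decoded reason of the third entry is the same number that appears in `reason(524325)`.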

cron2 commented Jul 7, 2023

On the FreeBSD side, it's not "my system is weird" but "other people have hit this too"... https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272281

cron2 commented Aug 11, 2023

commit 0f8485f (master)
commit 101499a (release/2.6)
Author: Arne Schwabe
Date: Fri Aug 11 14:15:03 2023 +0200

 show extra info for OpenSSL errors

thanks!

cron2 closed this as completed Aug 11, 2023