Bug 1488800

Summary: Changed module path breaks stunnel
Product: [Fedora] Fedora Reporter: Juha Tuomala <tuju>
Component: libp11Assignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: dwmw2, extras-orphan, gmazyland, klember, nmavrogi, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libp11-0.4.6-2.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-15 03:51:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Juha Tuomala 2017-09-06 08:47:06 UTC 
Description of problem:
engine_pkcs11-0.4.0-2.fc25 had files:
 /usr/lib64/openssl/engines/libpkcs11.so
 /usr/lib64/openssl/engines/pkcs11.so

and stunnel worked fine. 

Updated engine_pkcs11-0.4.6-1 has files:
 /usr/lib64/engines-1.1/libpkcs11.so
 /usr/lib64/engines-1.1/pkcs11.so

and stunnel fails to start when configuration file has:
 engine = pkcs11

Version-Release number of selected component (if applicable):
0.4.6-1

How reproducible:
Always

Steps to Reproduce:
1. install stunne and engine_pkcs11, update system.
2. run: stunnel <config file> with given line inside it.


Actual results:
[ ] Enabling support for engine "pkcs11"
[!] error queue: 2606A074: error:2606A074:engine routines:ENGINE_by_id:no such engine
[!] error queue: 260B6084: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
[!] error queue: 25070067: error:25070067:DSO support routines:DSO_load:could not load the shared library
[!] ENGINE_by_id: 25066067: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library

Expected results:
[ ] Enabling support for engine "pkcs11"
[ ] UI not supported by engine #1 (pkcs11)
[ ] Initializing engine #1 (pkcs11)
[ ] Engine #1 (pkcs11) initialized
[.] FIPS mode disabled
[ ] Compression disabled
Comment 1 Juha Tuomala 2017-09-06 08:48:51 UTC 
# dnf install -y /usr/lib64/openssl/engines/libpkcs11.so --allowerasing

works as workaround, but downgrades libp11 as well.
Comment 2 Tomas Mraz 2017-09-06 09:13:49 UTC 
Yes, this is certainly bug in libp11 on Fedora 25 - the new module path applies only to OpenSSL-1.1 not to 1.0.x
Comment 3 Fedora Update System 2017-09-06 09:45:06 UTC 
libp11-0.4.6-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7898393d2d
Comment 4 Juha Tuomala 2017-09-06 10:34:37 UTC 
Now it works with 0.4.6-2, thanks.
Comment 5 Nikos Mavrogiannopoulos 2017-09-06 12:00:14 UTC 
Thank you for reporting that. Could you also leave "karma" on the bodhi page?
Comment 6 Fedora Update System 2017-09-06 22:24:09 UTC 
libp11-0.4.6-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7898393d2d
Comment 7 Fedora Update System 2017-09-15 03:51:14 UTC 
libp11-0.4.6-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.