1488800 – Changed module path breaks stunnel

Bug 1488800 - Changed module path breaks stunnel

Summary: Changed module path breaks stunnel

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libp11
Sub Component:
Version:	25
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Nikos Mavrogiannopoulos
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-09-06 08:47 UTC by Juha Tuomala
Modified:	2017-09-15 03:51 UTC (History)
CC List:	6 users (show)
Fixed In Version:	libp11-0.4.6-2.fc25
Clone Of:
Environment:
Last Closed:	2017-09-15 03:51:14 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Juha Tuomala 2017-09-06 08:47:06 UTC

Description of problem:
engine_pkcs11-0.4.0-2.fc25 had files:
 /usr/lib64/openssl/engines/libpkcs11.so
 /usr/lib64/openssl/engines/pkcs11.so

and stunnel worked fine. 

Updated engine_pkcs11-0.4.6-1 has files:
 /usr/lib64/engines-1.1/libpkcs11.so
 /usr/lib64/engines-1.1/pkcs11.so

and stunnel fails to start when configuration file has:
 engine = pkcs11

Version-Release number of selected component (if applicable):
0.4.6-1

How reproducible:
Always

Steps to Reproduce:
1. install stunne and engine_pkcs11, update system.
2. run: stunnel <config file> with given line inside it.


Actual results:
[ ] Enabling support for engine "pkcs11"
[!] error queue: 2606A074: error:2606A074:engine routines:ENGINE_by_id:no such engine
[!] error queue: 260B6084: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
[!] error queue: 25070067: error:25070067:DSO support routines:DSO_load:could not load the shared library
[!] ENGINE_by_id: 25066067: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library

Expected results:
[ ] Enabling support for engine "pkcs11"
[ ] UI not supported by engine #1 (pkcs11)
[ ] Initializing engine #1 (pkcs11)
[ ] Engine #1 (pkcs11) initialized
[.] FIPS mode disabled
[ ] Compression disabled

Comment 1 Juha Tuomala 2017-09-06 08:48:51 UTC

# dnf install -y /usr/lib64/openssl/engines/libpkcs11.so --allowerasing

works as workaround, but downgrades libp11 as well.

Comment 2 Tomas Mraz 2017-09-06 09:13:49 UTC

Yes, this is certainly bug in libp11 on Fedora 25 - the new module path applies only to OpenSSL-1.1 not to 1.0.x

Comment 3 Fedora Update System 2017-09-06 09:45:06 UTC

libp11-0.4.6-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7898393d2d

Comment 4 Juha Tuomala 2017-09-06 10:34:37 UTC

Now it works with 0.4.6-2, thanks.

Comment 5 Nikos Mavrogiannopoulos 2017-09-06 12:00:14 UTC

Thank you for reporting that. Could you also leave "karma" on the bodhi page?

Comment 6 Fedora Update System 2017-09-06 22:24:09 UTC

libp11-0.4.6-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7898393d2d

Comment 7 Fedora Update System 2017-09-15 03:51:14 UTC

libp11-0.4.6-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.