Hi all.

This is a it-does-work-for-everyone-but-me question:

I'm running openssl-0.9.8g on gentoo. Since updating from 0.9.7X (X something
I can't remember) to 0.9.8[efg], openssl initialization keeps crashing for
me.

My proceedings so far:

* after startup kded is running
* open any site that uses cookies
* if lucky, get a you-need-cookies-enabled warning
* restart kded on konsole
* hook gdb on kded process
* reopen site
* get backtrace that points to openssl
-> ask for help


Output from kded:
=================
[...]
kdecore (KLibLoader): Loading the next library global with flag 257.
kdecore (KLibLoader): WARNING: KLibrary: /usr/lib/libcrypto.so.0.9.8:
undefined symbol: PKCS7_content_free
kdecore (KLibLoader): Loading the next library global with flag 257.
KDE Daemon (kded) already running.
kded: ERROR: Communication problem with kded, it probably crashed.


Please note, the "undefined symbol" is there since ages and it is stated on
many a place that it's not related to the problem (see bugs.kde.org).


gdb backtrace:
==============
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb64f56d0 (LWP 7893)]
0xb7ef9f14 in _dl_relocate_object () from /lib/ld-linux.so.2
(gdb) bt
#0 0xb7ef9f14 in _dl_relocate_object () from /lib/ld-linux.so.2
#1 0xb7f00a06 in dl_open_worker () from /lib/ld-linux.so.2
#2 0xb7efc892 in _dl_catch_error () from /lib/ld-linux.so.2
#3 0xb7f002ce in _dl_open () from /lib/ld-linux.so.2
#4 0xb675ec3d in dlopen_doit () from /lib/libdl.so.2
#5 0xb7efc892 in _dl_catch_error () from /lib/ld-linux.so.2
#6 0xb675f0dc in _dlerror_run () from /lib/libdl.so.2
#7 0xb675eb71 in dlopen@@GLIBC_2.1 () from /lib/libdl.so.2
#8 0xb5ea3b5d in dlfcn_load () from /usr/lib/libcrypto.so.0.9.8
#9 0xb5ea47e3 in DSO_load () from /usr/lib/libcrypto.so.0.9.8
#10 0xb5f05251 in COMP_zlib () from /usr/lib/libcrypto.so.0.9.8
#11 0xb5df8a3b in load_builtin_compressions () from /usr/lib/libssl.so.0.9.8
#12 0xb5df8c32 in SSL_COMP_get_compression_methods ()
from /usr/lib/libssl.so.0.9.8
#13 0xb5dfeb69 in SSL_library_init () from /usr/lib/libssl.so.0.9.8
#14 0xb7cd76ba in KOpenSSLProxy (this=0x81c6360) at kopenssl.cc:579
#15 0xb7cd78be in KOpenSSLProxy::self () at kopenssl.cc:634
#16 0xb7cc8f7f in KSSLCertificate::fromString (cert=@0xbfcd0318)
at ksslcertificate.cc:153
#17 0xb5f561b2 in KSSLD::cacheLoadDefaultPolicies (this=0x81c52f8)
at kssld.cpp:251
#18 0xb5f58428 in KSSLD (this=0x81c52f8, name=@0xbfcd0450) at kssld.cpp:122
#19 0xb5f5847e in create_kssld (name=@0xbfcd0450) at kssld.cpp:57
#20 0xb7ee2ea9 in Kded::loadModule (this=0x80577b8, s=0x81694c8,
onDemand=true) at kded.cpp:297
#21 0xb7ee3480 in Kded::loadModule (this=0x80577b8, obj=@0xbfcd072c,
onDemand=true) at kded.cpp:239
[...]

It is to note that ...
* after a while and many, many attempts, it happens to work at some point and
keeps working.
* SSH is not affected (don't know if the same code is run, though)
* the testsuite shows 3 errors (see below)


Any hints or pointers?

Daniel



testsuite:
==========
test sslv2
Available compression methods:
1: zlib compression
SSLv2, cipher SSLv2 DES-CBC3-MD5, 512 bit RSA
1 handshakes of 256 bytes done
test sslv2 with server authentication
Available compression methods:
1: zlib compression
server authentication
Initial proxy rights = C
depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
Certificate proxy rights = AB, resulting proxy rights = none
Proxy rights check with condition 'A' proved invalid
ERROR in CLIENT
22701:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify
failed:s2_clnt.c:1049:
SSLv2, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
test sslv2
Available compression methods:
1: zlib compression
SSLv2, cipher SSLv2 DES-CBC3-MD5, 512 bit RSA
1 handshakes of 256 bytes done
test sslv2 with server authentication
Available compression methods:
1: zlib compression
server authentication
Initial proxy rights = C
depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
Certificate proxy rights = AB, resulting proxy rights = none
Proxy rights check with condition 'B' proved invalid
ERROR in CLIENT
22739:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify
failed:s2_clnt.c:1049:
SSLv2, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
test sslv2
Available compression methods:
1: zlib compression
SSLv2, cipher SSLv2 DES-CBC3-MD5, 512 bit RSA
1 handshakes of 256 bytes done
test sslv2 with server authentication
Available compression methods:
1: zlib compression
server authentication
Initial proxy rights = C
depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
Certificate proxy rights = AB, resulting proxy rights = none
Proxy rights check with condition 'C' proved invalid
ERROR in CLIENT
22815:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify
failed:s2_clnt.c:1049:
SSLv2, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org