Hello,
I recently upgraded stunnel from 5.55 → 5.70, and OpenSSL from 1.0.1e → 3.0.15 on an AIX 7.1 server using IBM AIX Toolbox RPMs.
Important note
I have four lower-tier test environments running this exact combination successfully.
However, on the production server, stunnel crashes immediately at startup with a “Memory fault”, even though versions and configuration match the working systems.
Observed behavior on the production system
Launching stunnel with the existing configuration shows normal initialization, certificate loading, and service binding, but finally ends with:
LOG5[ui]: stunnel 5.70 on powerpc-ibm-aix7.1.3.0 platform
LOG5[ui]: Compiled with OpenSSL 1.1.1l 24 Aug 2021
LOG5[ui]: Running with OpenSSL 1.1.1x 30 Jan 2024
...
LOG6[per-day]: Executing per-day jobs
Memory fault
Additional notes from the launch (paths made generic):
[ui] Initializing inetd mode configuration
[ui] Clients allowed=31999
[ui] Reading configuration from file /path/to/stunnel/config/stunnel.conf
[ui] FIPS mode disabled
[ui] Session resumption enabled
[ui] Loading certificate from /path/to/ssl/certs/stunnel-server.pem
[ui] Loading private key from /path/to/ssl/certs/stunnel-server.key
[ui] Private key check succeeded
[ui] DH initialization skipped: no DH ciphersuites
[ui] ECDH initialized with curves X25519:P-256:X448:P-521:P-384
[ui] Binding service [example-service-default]
[ui] Address already in use warnings appear (expected)
Version Information
stunnel -version
  Compiled with OpenSSL 1.1.1l 24 Aug 2021
  Running with OpenSSL 1.1.1x 30 Jan 2024

ldd /usr/bin/stunnel
  libcrypto.so.1.1
  libssl.so.1.1
  libc.a(shr_64.o)
  libpthread.a(shr_xpg5_64.o)
  libcrypt.a(shr_64.o)

ldd /usr/bin/openssl
  libcrypto.so.3
  libssl.so.3
Library Archive Observation
Running ar -tv on the OpenSSL archives shows that both OpenSSL 1.1.1 and OpenSSL 3.0.15 shared libraries are present in the same archive:
ar -tv /usr/lib/libcrypto.a
  libcrypto.so.1.1
  libcrypto.so.3

ar -tv /usr/lib/libssl.a
  libssl.so.1.1
  libssl.so.3
System Information (sanitized)
AIX 7.1 TLxx
openssl.base 3.0.15.1000 COMMITTED
Questions for the community
- Has anyone encountered stunnel 5.70 crashing on AIX when multiple OpenSSL versions exist in the system archives?
- Should stunnel 5.70 be rebuilt against OpenSSL 3.x to work reliably?
- Are there methods to control which shared library version AIX loads from a .a archive?
- Any recommended workarounds for production systems in this scenario?
Thank you,
Pavan Kumar Chilamakuri
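
Added example, not part of the original post and not stunnel or IBM code: a shell helper that reduces the `stunnel -version` and `ldd` output quoted above to one comparable line, so the same capture from a working test host and the production host can be diffed. The function names are hypothetical, and the sample text is constructed from the lines in the post; it reports what the binaries link and does not diagnose the crash.

```shell
#!/bin/sh
# Sample captures, constructed from the output quoted in the post.
STUNNEL_VERSION='Compiled with OpenSSL 1.1.1l 24 Aug 2021
Running with OpenSSL 1.1.1x 30 Jan 2024'
LDD_STUNNEL='libcrypto.so.1.1
libssl.so.1.1
libc.a(shr_64.o)'
LDD_OPENSSL='libcrypto.so.3
libssl.so.3'

# stdin: stunnel banner or log text. Prints "compiled=<ver> running=<ver>".
banner_versions() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "OpenSSL") {
               if ($0 ~ /Compiled with/) c = $(i + 1)
               if ($0 ~ /Running with/)  r = $(i + 1) } }
         END { printf "compiled=%s running=%s\n", c, r }'
}

# stdin: ldd text, bare member names or archive(member) form.
# Prints the distinct OpenSSL ABI suffixes found, e.g. "1.1" or "1.1 3".
linked_abi() {
    awk '{ if (match($0, /lib(crypto|ssl)\.so\.[0-9][0-9.]*/)) {
               m = substr($0, RSTART, RLENGTH)
               sub(/^lib(crypto|ssl)\.so\./, "", m); seen[m] = 1 } }
         END { for (v in seen) print v }' | sort | tr '\n' ' ' | sed 's/ *$//'
}

# $1 = stunnel -version text, $2 = ldd of stunnel, $3 = ldd of the openssl CLI.
compare() {
    run=$(printf '%s\n' "$1" | banner_versions | sed 's/.*running=//')
    s_abi=$(printf '%s\n' "$2" | linked_abi)
    o_abi=$(printf '%s\n' "$3" | linked_abi)
    if [ -z "$s_abi" ]; then loaded=unknown
    else
        # The "Running with" version should start with the linked ABI suffix.
        case "$run" in "$s_abi"*) loaded=consistent ;; *) loaded=MISMATCH ;; esac
    fi
    if [ "$s_abi" = "$o_abi" ]; then branch=same; else branch=different; fi
    echo "stunnel_abi=$s_abi openssl_cli_abi=$o_abi banner_vs_ldd=$loaded branches=$branch"
}

compare "$STUNNEL_VERSION" "$LDD_STUNNEL" "$LDD_OPENSSL"
```

For the output in the post, the summary shows stunnel linked against the 1.1 members while the `openssl` command links the 3 members; running the same capture on a working host gives a line to diff against.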