AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.


#Power
 View Only

  • 1.  Version mismatch in stunnel after openssl update

    Posted 3 days ago

    Dear Team,

    After updating openssl on AIX from 3.0.15 to 3.0.16 we are having problems with the stunnel software. System is at 7200-05-10-2520. Java is at 8.0.0.851. Openssh is at 9.9.3015.2000.
    See further information and messages below. Any ideas?
    autolinep9a:/root> ldd /opt/freeware/bin/stunnel
    /opt/freeware/bin/stunnel needs:
             /usr/lib/libc.a(shr_64.o)
             /usr/lib/libpthread.a(shr_xpg5_64.o)
             /usr/lib/libcrypto.a(libcrypto.so.3)
             /usr/lib/libssl.a(libssl.so.3)
             /unix
             /usr/lib/libcrypt.a(shr_64.o)
             /usr/lib/libpthreads.a(shr_xpg5_64.o)

    autolinep9a:/root> /opt/freeware/bin/stunnel -version
    Initializing inetd mode configuration
    stunnel 5.70 on powerpc-ibm-aix7.1.5.0 platform
    Compiled with OpenSSL 3.0.13 30 Jan 2024
    Running  with OpenSSL 3.0.16 11 Feb 2025
    INTERNAL ERROR: Double free attempt: ptr=110073160 alloc=crypto/threads_pthread.c:50 free#1=crypto/threads_pthread.c:149 free#2=crypto/threads_pthread.c:149
    Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,SNI

     Global options:
    INTERNAL ERROR: Double free attempt: ptr=1100741e0 alloc=crypto/threads_pthread.c:50 free#1=crypto/threads_pthread.c:149 free#2=crypto/threads_pthread.c:149
    RNDbytes               = 1024
    RNDfile                = /dev/urandom
    RNDoverwrite           = yes

     Service-level options:
    INTERNAL ERROR: Double free attempt: ptr=110075580 alloc=crypto/threads_pthread.c:50 free#1=crypto/threads_pthread.c:149 free#2=crypto/threads_pthread.c:149
    ciphers                = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
    ciphersuites           = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
    curves                 = X25519:P-256:X448:P-521:P-384
    debug                  = daemon.notice
    logId                  = sequential
    options                = NO_SSLv2
    options                = NO_SSLv3
    securityLevel          = 2
    sessionCacheSize       = 1000
    sessionCacheTimeout    = 300 seconds
    stack                  = 65536 bytes
    TIMEOUTbusy            = 300 seconds
    TIMEOUTclose           = 60 seconds
    TIMEOUTconnect         = 10 seconds
    TIMEOUTidle            = 43200 seconds
    verify                 = none

     

    autolinep9a:/root> openssl version -a
    OpenSSL 3.0.16 11 Feb 2025 (Library: OpenSSL 3.0.16 11 Feb 2025)
    built on: Tue May 13 09:50:31 2025 UTC
    platform: aix-cc
    options:  bn(64,32)
    compiler: cc -qpic -q32 -qmaxmem=16384 -qro -qroconst -qthreaded -O -DB_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=3.0.16.1000
    OPENSSLDIR: "/var/ssl"
    ENGINESDIR: "/usr/lib/engines-3"
    MODULESDIR: "/usr/lib/ossl-modules/32"
    Seeding source: os-specific
    CPUINFO: N/A

    Kind regards,

    Philip



    ------------------------------
    Philip Krab
    ------------------------------


  • 2.  RE: Version mismatch in stunnel after openssl update

    Posted yesterday

    Hi

    try to remove the openssl freeware and also update the openssl to latest from repository .

    If OpenSSL is already upto date and you are still getting error while running, then

    Check for the following old libs causing these issues and rename them under /opt/freeware/lib

    mv libcrypto.a libcrypto.a.bak

    mv libssl.a libssl.a.bak

    thanks



    ------------------------------
    Anas AlSaleh
    IBM Power Systems Software Specialist
    Saudi Business Machines ( SBM )
    Riyadh
    ------------------------------

    Original Message


Related Content