Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only
Back to discussions
Expand all | Collapse all

Version mismatch in stunnel after openssl update

  • 1.  Version mismatch in stunnel after openssl update

    Posted 19 days ago

    Dear Team,

    After updating openssl on AIX from 3.0.15 to 3.0.16 we are having problems with the stunnel software. System is at 7200-05-10-2520. Java is at 8.0.0.851. Openssh is at 9.9.3015.2000.
    See further information and messages below. Any ideas?
    autolinep9a:/root> ldd /opt/freeware/bin/stunnel
    /opt/freeware/bin/stunnel needs:
             /usr/lib/libc.a(shr_64.o)
             /usr/lib/libpthread.a(shr_xpg5_64.o)
             /usr/lib/libcrypto.a(libcrypto.so.3)
             /usr/lib/libssl.a(libssl.so.3)
             /unix
             /usr/lib/libcrypt.a(shr_64.o)
             /usr/lib/libpthreads.a(shr_xpg5_64.o)

    autolinep9a:/root> /opt/freeware/bin/stunnel -version
    Initializing inetd mode configuration
    stunnel 5.70 on powerpc-ibm-aix7.1.5.0 platform
    Compiled with OpenSSL 3.0.13 30 Jan 2024
    Running  with OpenSSL 3.0.16 11 Feb 2025
    INTERNAL ERROR: Double free attempt: ptr=110073160 alloc=crypto/threads_pthread.c:50 free#1=crypto/threads_pthread.c:149 free#2=crypto/threads_pthread.c:149
    Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,SNI

     Global options:
    INTERNAL ERROR: Double free attempt: ptr=1100741e0 alloc=crypto/threads_pthread.c:50 free#1=crypto/threads_pthread.c:149 free#2=crypto/threads_pthread.c:149
    RNDbytes               = 1024
    RNDfile                = /dev/urandom
    RNDoverwrite           = yes

     Service-level options:
    INTERNAL ERROR: Double free attempt: ptr=110075580 alloc=crypto/threads_pthread.c:50 free#1=crypto/threads_pthread.c:149 free#2=crypto/threads_pthread.c:149
    ciphers                = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
    ciphersuites           = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
    curves                 = X25519:P-256:X448:P-521:P-384
    debug                  = daemon.notice
    logId                  = sequential
    options                = NO_SSLv2
    options                = NO_SSLv3
    securityLevel          = 2
    sessionCacheSize       = 1000
    sessionCacheTimeout    = 300 seconds
    stack                  = 65536 bytes
    TIMEOUTbusy            = 300 seconds
    TIMEOUTclose           = 60 seconds
    TIMEOUTconnect         = 10 seconds
    TIMEOUTidle            = 43200 seconds
    verify                 = none

     

    autolinep9a:/root> openssl version -a
    OpenSSL 3.0.16 11 Feb 2025 (Library: OpenSSL 3.0.16 11 Feb 2025)
    built on: Tue May 13 09:50:31 2025 UTC
    platform: aix-cc
    options:  bn(64,32)
    compiler: cc -qpic -q32 -qmaxmem=16384 -qro -qroconst -qthreaded -O -DB_ENDIAN -DOPENSSL_PIC -D_THREAD_SAFE -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=3.0.16.1000
    OPENSSLDIR: "/var/ssl"
    ENGINESDIR: "/usr/lib/engines-3"
    MODULESDIR: "/usr/lib/ossl-modules/32"
    Seeding source: os-specific
    CPUINFO: N/A

    Kind regards,

    Philip



    ------------------------------
    Philip Krab
    ------------------------------


Related Content