Forum OpenACS Development: Re: Fatal Signal 11 with nsssl Naviserver

Collapse
3: Re: Fatal Signal 11 with nsssl Naviserver (response to 2)
Posted by Dave Bauer on 01/28/15 07:46 PM
Thanks for your help!

OpenSSL 1.0.2
Naviserver 4.99.6
Tcl 8.5.17
Tcllib 1.15
Thread 2.7.0
Xotcl 2.0.0
tDOM 0.8.3
Postgresql 9.4.0

I used the default openacs config for nsssl

example here

ns_section "ns/server/${server}/module/nsssl"
ns_param address $address
ns_param port $httpsport
ns_param ciphers "RC4:HIGH:!aNULL:!MD5;"
ns_param protocols "!SSLv2"
ns_param certificate $serverroot/etc/cert-includeskey.pem

ns_param verify 0
ns_param writerthreads 5
ns_param writersize 10
ns_param writerbufsize 16384 ;# 8192, buffer size for writer threads
ns_param writerstreaming true ;# false
ns_param deferaccept true ;# false, Performance optimization
ns_param maxinput [expr {$max_file_upload_mb * 1024*1024}] ;# Maximum File Size for uploads in bytes

Collapse
4: Re: Fatal Signal 11 with nsssl Naviserver (response to 3)
Posted by Gustaf Neumann on 01/28/15 08:05 PM
Dear Dave, you have not mentioned the version of nsssl, but i assume it is 0.5, included in the *modules* tar file from sourceforge (via default setting from install-ns.sh). Is this correct?

OpenSSL 1.0.2 was released 5 days ago. It is not unlikely, that there is a problem with that. Can you link for against the version provided with you Linux distro?

Collapse
5: Re: Fatal Signal 11 with nsssl Naviserver (response to 4)
Posted by Gustaf Neumann on 01/28/15 09:07 PM
Dear Dave,

i've downloaded, compiled and installed OpenSSL 1.0.2 and built it with the released versions of NaviServer and nsssl.
The error log says: 

[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: modload: loading module nsssl from file nsssl.so
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: enable 0 spooler thread(s) 
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: enable 0 writer thread(s) 
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: disabling SSLv2
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: version 0.5 loaded, based on OpenSSL 1.0.2 22 Jan 2015
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: XOTcl 2.0.0 loaded
so, loading the nsopenssl module is fine here (Ubuntu 12.04). However, furing build, i got the following message: 
/usr/bin/ld: /usr/local/ssl/lib/libssl.a(s23_srvr.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/local/ssl/lib/libssl.a: could not read symbols: Bad value
After adding -fPIC to the Makefile (generated from config), and rebuilding everything, linking was ok.
Can it be, that there was a similar problem at your site?

-g

Collapse
6: Re: Fatal Signal 11 with nsssl Naviserver (response to 5)
Posted by Dave Bauer on 01/28/15 09:16 PM
Thanks Gustaf again!

I am working with a system administrator on this and I sent him your recommendations. Once we figure it out I'll let you know. This is a Fedora based distribution so its not exactly the same as yours but I'll let you know.