Follow-up Comment #6, bug #97585 (project xrootd): Hi Brian, This is a follow-up. I have got access to another SLC6 machine (the one used by SPI for they builds); the problem appears there too and I even get a crash, always related to the issue of the key. The valgrind output of the crash shows something fishy in the reading of the private key, e.g. ==15234== ==15234== 2 errors in context 28 of 28: ==15234== Invalid write of size 8 ==15234== at 0x3257860217: OPENSSL_cleanse (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x325788C860: BN_clear_free (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x325789D34E: RSA_free (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578C254A: ??? (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578C27EC: ??? (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578C2918: EVP_PKEY_assign (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578A0152: ??? (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578D2431: d2i_PrivateKey (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578E755F: PEM_read_bio_PrivateKey (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578E7680: PEM_read_PrivateKey (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x6BB1ED1: XrdCryptosslX509::XrdCryptosslX509(char const*, char const*) (XrdCryptosslX509.cc:123) ==15234== by 0x6BAD443: XrdCryptosslFactory::X509(char const*, char const*) (XrdCryptosslFactory.cc:320) ==15234== Address 0x5ac73d8 is 8 bytes inside a block of size 24 free'd ==15234== at 0x4A06469: free (vg_replace_malloc.c:446) ==15234== by 0x325785DA8C: CRYPTO_free (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x325789D34E: RSA_free (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578C254A: ??? (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578C27EC: ??? (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578D240E: d2i_PrivateKey (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578E755F: PEM_read_bio_PrivateKey (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x32578E7680: PEM_read_PrivateKey (in /usr/lib64/libcrypto.so.1.0.0) ==15234== by 0x6BB1ED1: XrdCryptosslX509::XrdCryptosslX509(char const*, char const*) (XrdCryptosslX509.cc:123) ==15234== by 0x6BAD443: XrdCryptosslFactory::X509(char const*, char const*) (XrdCryptosslFactory.cc:320) ==15234== by 0x698B6A8: XrdSecProtocolgsi::GetSrvCertEnt(XrdCryptoFactory*, int, XrdOucString&) (XrdSecProtocolgsi.cc:5113) ==15234== by 0x699008F: XrdSecProtocolgsi::Init(gsiOptions, XrdOucErrInfo*) (XrdSecProtocolgsi.cc:618) = The openssl version on these machines is $ openssl version OpenSSL 1.0.0-fips 29 Mar 2010 I have tried to install the latest 1.0.0 tag (1.0.0j) on one of the machines using the script coming with xrootd (utils/installOpenSSL.sh); when I do this the problem goes away and the valgrind output is clean (the script builds with the PURIFY switch so you do not get the usual BN_ unitialized stuff). So, I suspect that there is an issue with the openssl build; or maybe a bug fix not included; for example, I have found this: http://rhn.redhat.com/errata/RHBA-2012-1195.html which is not included in the version installed on the machines I used for these checks. I'll try to get this fix installed at least on one of these machines and see what happens. Gerri _______________________________________________________ Reply to this item at: <http://savannah.cern.ch/bugs/?97585> _______________________________________________ Message sent via/by LCG Savannah http://savannah.cern.ch/ ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1