Forum OpenACS Development: Fatal Signal 11 with nsssl Naviserver

Collapse
Posted by Dave Bauer on
I am getting this error in the logs.

Is there a common mistake that could cause this?

[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Notice: modload: loading module nssock from file
/usr/local/ns/bin/nssock.so
[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Notice: nssock: enable 0 spooler thread(s)
[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Notice: nssock: enable 2 writer thread(s) for dow
nloads >= 4096 bytes, bufsize=8192 bytes, HTML streaming 0
[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Notice: modload: loading module nsssl from file /
usr/local/ns/bin/nsssl.so
[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Notice: nsssl: enable 0 spooler thread(s)
[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Warning: config: ns/server/taxonomy/module/nsssl:
writersize value=10, rounded up to 1024
[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Notice: nsssl: enable 5 writer thread(s) for down
loads >= 1024 bytes, bufsize=16384 bytes, HTML streaming 1
[27/Jan/2015:22:21:44][30307.2aaaac4ddaf0][-main-] Fatal: received fatal signal 11

Collapse
Posted by Gustaf Neumann on
I have never seen this crash. The output from the error.log during the load of nsssl should read similar to the next-scripting.org error.log:
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Notice: modload: loading module nsssl from file nsssl.so
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Notice: nsssl: enable 0 spooler thread(s) 
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Warning: config: ns/server/next-scripting.org/module/nsssl:writersize value=10, rounded up to 1024
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Notice: nsssl: enable 5 writer thread(s) for downloads >= 1024 bytes, bufsize=16384 bytes, HTML streaming 1
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Notice: nsssl: disabling SSLv2
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Notice: nsssl: disabling SSLv3
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Notice: nsssl: version 0.5 loaded, based on OpenSSL 1.0.1k-fips 8 Jan 2015
[21/Jan/2015:19:30:51][30833.7fc76528d700][-main-] Notice: XOTcl 2.0.0 loaded
From this one can see that we get here messages from the OpenSSL initialization, then a message when OpenSSL is finished, and finally the loading message of XOTcl2.

So my questions are

  • Have you set the nsssl parameters like recommended on [1]? in particular the "protocol" parameter. if yes, then the crash happens inside OpenSSL which is quite strange.
  • what versions of naviserver, nsssl, openssl, tcl and xotcl/nsf do you have? (install-ns allows to install different version, releases and repository versions etc.).

-g

[1] https://bitbucket.org/naviserver/nsssl

Collapse
Posted by Dave Bauer on
Thanks for your help!

OpenSSL 1.0.2
Naviserver 4.99.6
Tcl 8.5.17
Tcllib 1.15
Thread 2.7.0
Xotcl 2.0.0
tDOM 0.8.3
Postgresql 9.4.0

I used the default openacs config for nsssl

example here

ns_section "ns/server/${server}/module/nsssl"
ns_param address $address
ns_param port $httpsport
ns_param ciphers "RC4:HIGH:!aNULL:!MD5;"
ns_param protocols "!SSLv2"
ns_param certificate $serverroot/etc/cert-includeskey.pem

ns_param verify 0
ns_param writerthreads 5
ns_param writersize 10
ns_param writerbufsize 16384 ;# 8192, buffer size for writer threads
ns_param writerstreaming true ;# false
ns_param deferaccept true ;# false, Performance optimization
ns_param maxinput [expr {$max_file_upload_mb * 1024*1024}] ;# Maximum File Size for uploads in bytes

Collapse
Posted by Gustaf Neumann on
Dear Dave, you have not mentioned the version of nsssl, but i assume it is 0.5, included in the *modules* tar file from sourceforge (via default setting from install-ns.sh). Is this correct?

OpenSSL 1.0.2 was released 5 days ago. It is not unlikely, that there is a problem with that. Can you link for against the version provided with you Linux distro?

Collapse
Posted by Gustaf Neumann on
Dear Dave,

i've downloaded, compiled and installed OpenSSL 1.0.2 and built it with the released versions of NaviServer and nsssl.
The error log says:

[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: modload: loading module nsssl from file nsssl.so
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: enable 0 spooler thread(s) 
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: enable 0 writer thread(s) 
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: disabling SSLv2
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: nsssl: version 0.5 loaded, based on OpenSSL 1.0.2 22 Jan 2015
[28/Jan/2015:20:58:11][681.7ff035690700][-main-] Notice: XOTcl 2.0.0 loaded
so, loading the nsopenssl module is fine here (Ubuntu 12.04). However, furing build, i got the following message:
/usr/bin/ld: /usr/local/ssl/lib/libssl.a(s23_srvr.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/local/ssl/lib/libssl.a: could not read symbols: Bad value
After adding -fPIC to the Makefile (generated from config), and rebuilding everything, linking was ok.
Can it be, that there was a similar problem at your site?

-g

Collapse
Posted by Dave Bauer on
Thanks Gustaf again!

I am working with a system administrator on this and I sent him your recommendations. Once we figure it out I'll let you know. This is a Fedora based distribution so its not exactly the same as yours but I'll let you know.