# OpenSSL or base SSL leading to segfault



## jyavenard (Sep 9, 2010)

Hi there.

I have updated one of my FreeBSD, moving from NIS to LDAP.

As part of moving to LDAP, I installed nss_ldap and nss_ldap

Now whenever I use some commands like ssh, or even telnet, it leads to a segfault.
I cannot log in to the machine via ssh anymore, as sshd too would crash instantly.

Looking at the core generated, the segfault occurs in libssl.

I've found that if I remove the openssl port, and recompile all the packages so it links to the base ssl and crypto library then everything is fine.

However, if I install openssl from ports, and have the ports linked against this port, then the base system starts to play up.

My guess is that as I used the base sshd which is linked against the base crypto/ssl using the ldap_pam module, which in turn is linked to libldap which is linked to port/openssl; this creates a conflict somewhere leading to the crash.

Ultimately, this wouldn't bother me too much, and could stay with the base libssl, however, I have found that subversion/neon do not work properly with it and lead to some SSL error. They both work great when using openssl in port.

Any ideas on what I should do?

Thank you


----------
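The conflict guessed at in the post above can be checked from `ldd` output. This is an added example, not part of the original thread; the function names, the sample `ldd` output (constructed, with made-up version numbers and addresses) and the module paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Report whether a set of objects pulls in base OpenSSL, ports OpenSSL, or both.

# Reads ldd output on stdin; prints one of: base, ports, mixed, none.
classify_ssl_linkage() {
    awk '
        # Dependency lines look like: libssl.so.N => /path/libssl.so.N (0x...)
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            if ($3 ~ /^\/usr\/local\/lib\//)   ports = 1   # installed by a port
            else if ($3 ~ /^(\/usr)?\/lib\//)  base = 1    # shipped with the base system
        }
        END {
            if (base && ports) print "mixed"
            else if (ports)    print "ports"
            else if (base)     print "base"
            else               print "none"
        }'
}

# Run ldd over every object given and classify the combined result.
# PAM and NSS modules are loaded with dlopen(), so they must be listed
# explicitly; ldd on sshd alone will not show them.
# Usage (paths are assumptions):
#   check_objects /usr/sbin/sshd /usr/local/lib/pam_ldap.so
check_objects() {
    for obj in "$@"; do ldd "$obj" 2>/dev/null; done | classify_ssl_linkage
}

# Constructed sample: a base-system daemon linked against base libcrypto.
sample_sshd() {
cat <<'EOF'
/usr/sbin/sshd:
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x280d0000)
    libc.so.7 => /lib/libc.so.7 (0x28300000)
EOF
}

# Constructed sample: a ports PAM module linked against ports OpenSSL.
sample_pam_ldap() {
cat <<'EOF'
/usr/local/lib/pam_ldap.so:
    libldap-2.4.so.7 => /usr/local/lib/libldap-2.4.so.7 (0x28200000)
    libssl.so.7 => /usr/local/lib/libssl.so.7 (0x28240000)
    libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x28280000)
EOF
}
```

A result of `mixed` means two different OpenSSL builds end up in the same process once the module is loaded, which is the situation the post describes.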



## aragon (Sep 9, 2010)

jyavenard said:

> Ultimately, this wouldn't bother me too much, and could stay with the base libssl, however, I have found that subversion/neon do not work properly with it and lead to some SSL error. They both work great when using openssl in port.
> 
> Any ideas on what I should do?


Perhaps you could rebuild neon with ports OpenSSL linked statically and then uninstall ports OpenSSL, or maybe try rebuilding subversion with serf (neon disabled) linked to base OpenSSL.


----------



## jyavenard (Sep 9, 2010)

That's what I did... and it worked.

Now just have to recompile once again all packages ... going to take forever once again


----------



## Galactic_Dominator (Sep 9, 2010)

jyavenard said:

> That's what I did... and it worked.
> 
> Now just have to recompile once again all packages ... going to take forever once again



A better solution for the future would be to create a jail, and compile your stuff there, make a package of it, then install it in the host.

It will save a lot of time, and you can use normal port management tools to minimize time. Or even build your own pkg server.


----------

