Hi,

On Sun, May 04, 2014 at 03:52:31PM +0200, Björn Ketelaars wrote:
> I'm attempting an SSL accelerator using relayd on current using the following
> config:
> 
> # cat /etc/relayd.conf
> prefork 1
> 
> relay wwwssl {
>         listen on 48.42.218.18 port 443 ssl
> 
>         forward to 10.0.0.11 port http
> }
> 
> Unfortunately relayd exits complaining about "CA engine failed: No such file
> or directory":
> 
> # relayd -dvv
> startup
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relay_load_certfiles: using certificate /etc/ssl/48.42.218.18.crt
> relay_load_certfiles: using private key /etc/ssl/private/48.42.218.18.key
> relay_privinit: adding relay wwwssl
> protocol -1: name default
>         flags: used, relay flags: ssl
>         ssl flags: sslv3, tlsv1
>         type: tcp
> fatal: CA engine failed: No such file or directory
> ca exiting, pid 24561
> fatal: parent: Broken pipe
> fatal: CA engine failed: No such file or directory
> hce exiting, pid 25463
> 
> I have no idea about what file or directory is missing. Any suggestions maybe?
> 

Thanks for reporting!  (please use [email protected] in the future)

Can you please try with the attached diff to get more info?  It
doesn't fix anything but hopefully provides more info. 

> 
> glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES

Maybe the Geode crypto engine is getting in the way.

Reyk

Index: ca.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/ca.c,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 ca.c
--- ca.c        22 Apr 2014 08:04:23 -0000      1.7
+++ ca.c        4 May 2014 14:09:10 -0000
@@ -423,14 +423,20 @@ rsae_keygen(RSA *rsa, int bits, BIGNUM *
 int
 ca_engine_init(struct relayd *x_env)
 {
-       ENGINE  *e;
+       ENGINE          *e;
+       const char      *errstr;
 
        if (env == NULL)
                env = x_env;
 
-       if ((e = ENGINE_get_default_RSA()) == NULL ||
-           (rsa_default = ENGINE_get_RSA(e)) == NULL)
-               return (-1);
+       if ((e = ENGINE_get_default_RSA()) == NULL) {
+               errstr = "ENGINE_get_default_RSA";
+               goto fail;
+       }
+       if ((rsa_default = ENGINE_get_RSA(e)) == NULL) {
+               errstr = "ENGINE_get_RSA";
+               goto fail;
+       }
 
        if (rsa_default->flags & RSA_FLAG_SIGN_VER)
                fatalx("unsupported RSA engine");
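
Review bot: the first new check sends a NULL return from ENGINE_get_default_RSA() to fail like any other error, but NULL from that call only means that no ENGINE is registered as the RSA default, which is an ordinary state and has no errno behind it. The string "ENGINE_get_default_RSA" names the call without telling the reporter that. A message such as "no default RSA engine" for this branch, kept distinct from the ENGINE_get_RSA(e) branch, would make the debug output self-explanatory.
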
@@ -447,9 +453,18 @@ ca_engine_init(struct relayd *x_env)
            RSA_METHOD_FLAG_NO_CHECK;
        rsae_method.app_data = rsa_default->app_data;
 
-       if (!ENGINE_set_RSA(e, &rsae_method) ||
-           !ENGINE_set_default_RSA(e))
-               return (-1);
+       if (!ENGINE_set_RSA(e, &rsae_method)) {
+               errstr = "ENGINE_set_RSA";
+               goto fail;
+       }
+       if (!ENGINE_set_default_RSA(e)) {
+               errstr = "ENGINE_set_default_RSA";
+               goto fail;
+       }
 
        return (0);
+
+ fail:
+       ssl_error(__func__, errstr);
+       fatalx(errstr);
 }
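
Review bot: at the fail: label, ca_engine_init() no longer has any path that returns -1. It logs through ssl_error(__func__, errstr) and then exits in fatalx(errstr), so the int return type and the caller's own error report (the "CA engine failed" line in the quoted output) lose their purpose. That is acceptable for a debugging diff, but before committing either keep return (-1); after ssl_error() so the caller still handles the failure, or add a comment that the function does not return on error. If fatalx() is not declared as non-returning, the compiler will also warn that control reaches the end of a non-void function here.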
