[xmlsec] Segmentation Fault on Mac OSX 10.9 (Maverick)

Ryan Floyd ryandfloyd at gmail.com
Wed Jan 22 13:01:01 PST 2014


Ok, I figured it out.

Here’s a dump of my brew formula for xmlsec1:

> require 'formula'
> 
> class Libxmlsec1 < Formula
>   homepage 'http://www.aleksey.com/xmlsec/'
>   url 'http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.19.tar.gz'
>   sha1 '9f24f84bf6f4a61fc55637f016b56c0f44c048ba'
> 
>   depends_on 'pkg-config' => :build
> 
>   # Add HOMEBREW_PREFIX/lib to dl load path
>   def patches; DATA; end
> 
>   def install
>     system "./configure", "--disable-dependency-tracking",
>                           "--prefix=#{prefix}",
>                           "--with-libxml=#{Formula.factory("libxml2").opt_prefix}",
>                           "--disable-crypto-dl",
>                           "--disable-apps-crypto-dl",
>                           "--with-openssl=/usr/local/Cellar/openssl/1.0.1e/"
>     system "make install"
>   end
> end


Notice the omission of dependent packages (and libxml2, since Mac OSX 10.9 (Maverick) ships with a compatible version)
  depends_on 'libxml2' # Version on 10.6/10.7 is too old
  depends_on 'gnutls' => :recommended
  depends_on 'libgcrypt' unless build.without? ‘gnutls'

And then the addition of  "--with-openssl=/usr/local/Cellar/openssl/1.0.1e/“ pointing directly to the lib path for OpenSSL. YMMV depending on the release of openssl you got from brew.

That’s it, now my execution of xmlsec1 works correctly.

Thanks Aleksey for all your help! 

-Ryan


On Jan 22, 2014, at 2:14 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> LD_LIBRARY_PATH (or whatever the equivalent on MacOSX)
> 
> Aleksey
> 
> On 1/22/14, 12:07 PM, Ryan Floyd wrote:
>> Yea, so why did it find OpenSSL 0.9.8 (which shipped with my MBP) if I’m statically linking libcrypto.a to 1.0.1.e?
>> 
>> And we can’t use dynamic linking, per an earlier discussion, in the brew formula, it specifies:
>> "--disable-crypto-dl”,
>> "--disable-apps-crypto-dl",
>> 
>> Uncommenting these will result in different errors.
>> 
>> Or, did I not properly install openssl 1.0.1.e to be the default runtime?
>> 
>> Thanks for your help, 
>> Ryan
>> 
>> On Jan 22, 2014, at 1:57 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> 
>>> Different version of OpenSSL during build and run times?
>>> 
>>> Aleksey
>>> 
>>> On 1/22/14, 11:51 AM, Ryan Floyd wrote:
>>>> Hi all, 
>>>> 
>>>> I’ve been wrestling getting xmlsec1 to work properly on my MacBook Pro
>>>> 13.3” Retina with 10.9 (Maverick). I installed Openssl 1.0.1e through
>>>> Brew, and then changed the /usr/lib/libscrypto.dylib and
>>>> /usr/lib/libssl.dylib and /usr/bin/openssl to point to the Brew openssl
>>>> version:
>>>>> openssl version
>>>> OpenSSL 1.0.1e 11 Feb 2013
>>>> 
>>>> Then I changed the Brew formula for xmlsec1, adding the configure
>>>> parameter to use openssl: "--with-openssl=/usr”
>>>> 
>>>> At the point the installation failed, looking for the static
>>>> libcrypto.a. I manually linked the libscrypto.a library:
>>>> sudo ln -s /usr/local/Cellar/openssl/1.0.1e/lib/libcrypto.a
>>>> /usr/lib/libcrypto.a
>>>> 
>>>> At this point, all seems fine, I can execute xmlsec1 —help, and the
>>>> program executes. However, when I try to actually do anything useful
>>>> with xmlsec1, it throws an Segmentation Fault (Error -11). From the
>>>> debugger, this is the actual error:
>>>> 
>>>>> r --verify --pubkey-cert-pem ~/tmp/pubkey.pem --id-attr:ID
>>>>> 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' ~/tmp/verify.xml
>>>>> There is a running process, kill it and restart?: [Y/n] y
>>>>> Process 54301 launched: '/usr/bin/xmlsec1' (x86_64)
>>>>> Process 54301 stopped
>>>>> * thread #1: tid = 0x9df18c, 0x00000001000ae1f1
>>>>> libxmlsec1-openssl.1.dylib`EVP_PKEY_CTX_free + 14, queue =
>>>>> 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
>>>>>  frame #0: 0x00000001000ae1f1
>>>>> libxmlsec1-openssl.1.dylib`EVP_PKEY_CTX_free + 14
>>>>> libxmlsec1-openssl.1.dylib`EVP_PKEY_CTX_free + 14:
>>>>> -> 0x1000ae1f1:  movq   (%rbx), %rax
>>>>> 0x1000ae1f4:  testq  %rax, %rax
>>>>> 0x1000ae1f7:  je     0x1000ae207               ; EVP_PKEY_CTX_free + 36
>>>>> 0x1000ae1f9:  movq   24(%rax), %rax
>>>> 
>>>> 
>>>> (BTW, if I don’t specify with-openssl, it will use libgcrypt, and I
>>>> still get the same error, here’s that stack)
>>>> 
>>>>> r --verify --pubkey-cert-pem ~/tmp/pubkey.pem --id-attr:ID
>>>>> 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' ~/tmp/verify.xml
>>>>> There is a running process, kill it and restart?: [Y/n] y
>>>>> Process 2982 launched: '/usr/bin/xmlsec1' (x86_64)
>>>>> Process 2982 stopped
>>>>> * thread #1: tid = 0x9c72b2, 0x000000010012777d
>>>>> libcrypto.1.0.0.dylib`EVP_PKEY_CTX_free + 14, queue =
>>>>> 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
>>>>>  frame #0: 0x000000010012777d
>>>>> libcrypto.1.0.0.dylib`EVP_PKEY_CTX_free + 14
>>>>> libcrypto.1.0.0.dylib`EVP_PKEY_CTX_free + 14:
>>>>> -> 0x10012777d:  movq   (%rbx), %rax
>>>>> 0x100127780:  testq  %rax, %rax
>>>>> 0x100127783:  je     0x100127793               ; EVP_PKEY_CTX_free + 36
>>>>> 0x100127785:  movq   24(%rax), %rax
>>>> 
>>>> On my production system, Ubuntu 12.04.3, I installed via apt, and
>>>> everything works fine:
>>>>> sudo apt-get install xmlsec1
>>>> 
>>>> 
>>>> Any help is appreciated.
>>>> 
>>>> I’ve attached the verbose brew log.
>>>> 
>>>> 
>>>> Thanks,
>>>> Ryan
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> xmlsec at aleksey.com
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>> 
>> 



More information about the xmlsec mailing list