stunnel service does not start anymore after libopenssl0_9_8-0.9.8j-0.44.1 has been installed patching SLES11SP1

This document (7010536) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ Access Manager 3.1.5
NetIQ Access Manager 3.2.1
SUSE Linux Enterprise Server 11 Service Pack 1
SUSE Linux Enterprise Server 11 Service Pack 2

Situation

  • SSLVPN stunnel service / binary does not start:

    • after applying the latest SLES11SP1 patches through the official update channel
    • on a fresh SLES11SP2 installation
    • after applying libopenssl0_9_8-0.9.8j-0.44.1, the stunnel service will not load properly

  • Starting SSLVPN returns the following:

    SSL VPN Service has been stopped.
    Starting SSL VPN Service ......
    stunnel: pthread_mutex_lock.c:62: __pthread_mutex_lock: Assertion `mutex->__data.__owner == 0' failed.
    SOCKD is running
    SOCKD is registered
    STUNNEL is not running
    OPENVPN is running

Resolution

  • A new stunnel version compiled against OpenSSL 0.9.8j:

    stunnel 4.20 on i686-suse-linux with OpenSSL 0.9.8j-fips 07 Jan 2009
    Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4

    has been included with "NetIQ Access Manager 3.2 Support Pack 1 Interim Release 1a 3.2.1-201".

  • For NetIQ Access Manager 3.2.1
    • download and install: "NetIQ Access Manager 3.2 Support Pack 1 Interim Release 1a 3.2.1-201"

  • For Novell Access Manager 3.1.5

    • download "NetIQ Access Manager 3.2 Support Pack 1 Interim Release 1a 3.2.1-201"
    • copy the patch to your workstation
    • Unpack the AM_32_SP1_IR1a.zip archive: "unzip AM_32_SP1_IR1a.zip"
    • Change into the new directory: "cd AM_32_SP1_IR1a"
    • The AM_32_SP1_IR1a_201.patch is a zip file which can be extracted
      (AM_32_SP1_IR1a_201.patch: Zip archive data, at least v2.0 to extract)
      run: "unzip AM_32_SP1_IR1a_201.patch"
    • The new stunnel version can be found in the subdirectory: "Linux/opt/novell/sslvpn/bin"
    • Create a backup of the existing stunnel binary at your sslvpn server:
      "cp /opt/novell/sslvpn/bin/stunnel /opt/novell/sslvpn/bin/stunnel.old"
    • Copy the new stunnel binary over to your SSLVPN server
    • restart your SSLVPN server

Note: Novell Access Manager Service Pack 5 should have included the fix as well, but in fact the fix did not make it into SP5. The statement in the SP5 readme is wrong.
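
The manual steps for Access Manager 3.1.5 above, as a shell script added here (not Novell/NetIQ code): it backs up and replaces the stunnel binary only if the new one reports a build against OpenSSL 0.9.8j. It assumes the banner shown in this document is what "stunnel -version" prints, that the archive was unpacked in the current directory on the SSLVPN server, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not vendor code. Paths are the ones given in the article;
# function names and the NEW default (archive unpacked in $PWD) are assumptions.
LIVE=/opt/novell/sslvpn/bin/stunnel
NEW=${NEW:-./AM_32_SP1_IR1a/Linux/opt/novell/sslvpn/bin/stunnel}
WANT=0.9.8j   # OpenSSL release the fixed stunnel is compiled against

# Read a stunnel version banner on stdin and print the OpenSSL release in it:
# "stunnel 4.20 on i686-suse-linux with OpenSSL 0.9.8j-fips 07 Jan 2009" -> 0.9.8j
built_against() {
    sed -n 's/^stunnel .* with OpenSSL \([0-9][0-9a-z.]*\).*/\1/p' | head -n 1
}

# Back up the live binary and install the new one, but only if the new binary
# reports the expected OpenSSL build. Assumes "-version" prints the banner.
swap_stunnel() {   # usage: swap_stunnel NEW LIVE WANT
    got=$("$1" -version 2>&1 | built_against)
    if [ "$got" != "$3" ]; then
        echo "refusing: $1 is built against OpenSSL '${got:-unknown}', want $3" >&2
        return 1
    fi
    cp -p "$2" "$2.old" || return 1   # keep the old binary for rollback
    cp "$1" "$2"                      # existing file keeps its mode and owner
}

# Run with "--apply" on the SSLVPN server, then restart SSLVPN.
if [ "${1:-}" = "--apply" ]; then
    swap_stunnel "$NEW" "$LIVE" "$WANT" && echo "installed; backup at $LIVE.old"
fi
```

If the swap is refused, the live binary and any existing backup are left untouched.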

Cause

  • The stunnel version shipped with Novell Access Manager 3.1.5 and NetIQ Access Manager 3.2.1:

    stunnel 4.20 on i686-suse-linux with OpenSSL 0.9.8a 11 Oct 2005
    Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4

    has not been compiled to run with libopenssl0_9_8-0.9.8j-0.44.1.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7010536
  • Creation Date: 30-JUL-12
  • Modified Date: 18-MAY-13
    • NetIQ Access Manager (NAM)