Environment
NetIQ Access Manager 4.2
Situation
After installing AM_42_AccessGatewayService_Linux64.tar.gz in SLES 12, dig and nslookup host commands fails due to crypto failure
lab42devlag01:~/novell-access-gateway-4.2.0.0-221 # dig 26-Jan-2016 17:17:43.727 ENGINE_by_id failed (crypto failure) 26-Jan-2016 17:17:43.727 error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:232: 26-Jan-2016 17:17:43.727 error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:465: 26-Jan-2016 17:17:43.727 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost dig: dst_lib_init: crypto failure
Resolution
Create the folder /root/FIPS/Linux_x86_64/lib/engines/ and create a symbolic link libgost.so and make it point to /opt/novell/openssl/lib/engines/libgost.so. msingh12:~/FIPS/Linux_x86_64/lib/engines # ls -ltr total 4 lrwxrwxrwx 1 root root 42 Jan 26 18:24 libgost.so -> /opt/novell/openssl/lib/engines/libgost.so msingh12:~/FIPS/Linux_x86_64/lib/engines # dig and nslookup command works after using the above steps. msingh12:~/FIPS/Linux_x86_64/lib/engines # dig ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32628 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 483608 IN NS d.root-servers.net. . 483608 IN NS e.root-servers.net. . 483608 IN NS l.root-servers.net. . 483608 IN NS f.root-servers.net. . 483608 IN NS m.root-servers.net. . 483608 IN NS i.root-servers.net. . 483608 IN NS g.root-servers.net. . 483608 IN NS h.root-servers.net. . 483608 IN NS c.root-servers.net. . 483608 IN NS k.root-servers.net. . 483608 IN NS j.root-servers.net. . 483608 IN NS b.root-servers.net. . 483608 IN NS a.root-servers.net. ;; Query time: 1 msec ;; SERVER: 137.65.247.1#53(137.65.247.1) ;; WHEN: Tue Jan 26 18:25:09 MST 2016 ;; MSG SIZE rcvd: 239
Cause
dig is trying to use library libgost.so. When AG service is installed it places the library @/opt/novell/openssl/lib/engines/libgost.so but the dig command is compiled using /root/FIPS/Linux_x86_64/lib/engines/libgost.so. msingh12:/opt/novell/openssl/lib/engines # strace -ffF -s200 dig 2>&1 | fgrep gost open("/root/FIPS/Linux_x86_64/lib/engines/libgost.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) write(2, "26-Jan-2016 18:22:08.919 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost\n", 10726-Jan-2016 18:22:08.919 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost