[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2400: OpenSSL.crypto.Error (unknown message digest algorithm) when starting a node, using OpenSSL 1.0.1k-fips
Tahoe-LAFS
trac at tahoe-lafs.org
Fri Apr 10 23:59:41 UTC 2015
#2400: OpenSSL.crypto.Error (unknown message digest algorithm) when starting a
node, using OpenSSL 1.0.1k-fips
-------------------------------------------------+-------------------------
Reporter: daira | Owner: daira
Type: defect | Status: new
Priority: major | Milestone:
Component: code-network | undecided
Keywords: packaging fedora openssl fips | Version: 1.10.0
tahoe-start | Launchpad Bug:
-------------------------------------------------+-------------------------
Gabe reported:
was able to build tahoe successfully, and can 'create-client' as well,
however `tahoe start` fails due to pyOpenSSL error:
{{{
Traceback (most recent call last):
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py",
line 645, in run
runApp(config)
File "/usr/lib64/python2.7/site-packages/twisted/scripts/twistd.py",
line 23, in runApp
_SomeApplicationRunner(config).run()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py",
line 379, in run
self.application = self.createOrGetApplication()
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py",
line 444, in createOrGetApplication
application = getApplication(self.config, passphrase)
--- <exception caught here> ---
File "/usr/lib64/python2.7/site-packages/twisted/application/app.py",
line 455, in getApplication
application = service.loadApplication(filename, style, passphrase)
File "/usr/lib64/python2.7/site-
packages/twisted/application/service.py", line 403, in loadApplication
application = sob.loadValueFromFile(filename, 'application',
passphrase)
File "/usr/lib64/python2.7/site-packages/twisted/persisted/sob.py",
line 210, in loadValueFromFile
exec fileObj in d, d
File "tahoe-client.tac", line 10, in <module>
c = client.Client()
File "/home/gabeos/tahoe/src/allmydata/client.py", line 130, in
__init__
node.Node.__init__(self, basedir)
File "/home/gabeos/tahoe/src/allmydata/node.py", line 82, in __init__
self.create_tub()
File "/home/gabeos/tahoe/src/allmydata/node.py", line 174, in
create_tub
self.tub = Tub(certFile=certfile)
File "/usr/lib/python2.7/site-packages/foolscap/pb.py", line 240, in
__init__
self.setupEncryptionFile(certFile)
File "/usr/lib/python2.7/site-packages/foolscap/pb.py", line 252, in
setupEncryptionFile
self.setupEncryption(certData)
File "/usr/lib/python2.7/site-packages/foolscap/pb.py", line 267, in
setupEncryption
cert = self.createCertificate()
File "/usr/lib/python2.7/site-packages/foolscap/pb.py", line 476, in
createCertificate
132)
File "/usr/lib64/python2.7/site-
packages/twisted/internet/_sslverify.py", line 853, in
signCertificateRequest
hlreq = CertificateRequest.load(requestData, requestFormat)
File "/usr/lib64/python2.7/site-
packages/twisted/internet/_sslverify.py", line 571, in load
if not req.verify(req.get_pubkey()):
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_item_verify',
'unknown message digest algorithm')]
Failed to load application: [('asn1 encoding routines',
'ASN1_item_verify', 'unknown message digest algorithm')]
}}}
There are reports of this issue popping up online, but seems that
consensus is that it is due to openssl versions < [0.98], at which point
SHA-256 algorithms were added. However, I'm on Fedora 21, running openssl
version 1.0.1k-fips, and definitely have sha* available.
{{{
python -c 'import ssl; print ssl.OPENSSL_VERSION'
OpenSSL 1.0.1k-fips 8 Jan 2015
}}}
anyway, if you have any thoughts or suggestions, it'd be much
appreciated.
Thanks,
Gabe
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2400>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list