OpenSwan - Dynamic CRL Fetching curl longjmp bug
I am experiencing an issue with OpenSwan (Pluto) where it crashes with an error message '*** longjmp causes uninitialized stack frame ***' after successfully establishing Ipsec connection with its peer.
After much research online, I managed to narrow it down to Dynamic CRL Fetching. Turning it off seems to solve the issue.
It seems that OpenSwan uses curl to dynamically fetch CRLs via http from CDPs which, for reasons unknown to me, triggered the infamous curl DNS resolve timeout bug. Dynamic CRL Fetching was running well and fine for past few days but out of sudden, it just stopped working. Restart of my system did not aid in solving the issue.
Most solutions found online points to building curl with c-ares support. A quick check on my system via the command 'curl --version' shows that curl on my system is not built with c-ares.
I tried to uninstall curl on my system so that I could build and install my own curl package but was denied by yum as yum is dependent on curl.
How do I do enable c-ares on my Red Hat 6.3 system or do anyone have different solution to the curl issue on red hat system?
Thanks.
Last edited by loftystew; 11-26-2014 at 10:09 AM.
|