Access Server Crashes When curl Plug-In Calling HTTPS URL Is Executed (Doc ID 832551.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version: 10.1.4.2 and later   [Release: 10g and later ]
Information in this document applies to any platform.
Checked for relevance on 06-MAY-2011

Symptoms

Custom curl authorization plugin causes Access Server crash when the URL invoked by the plugin is HTTPS. Access Server is automatically restarted after the crash.

The problem does not occur with non-SSL URLs.

Error in browser:

Oracle Access Manager Operation Error
The WebGate plug-in is unable to contact any Access Servers.


Example output from Access Server machine console when the plugin is invoked:

* About to connect() to metalink.oracle.com port 443
* Trying 1xx.1xx.y.1zz... * connected
* Connected to metalink.oracle.com (
1xx.1xx.y.1zz) port 443
* error setting certificate verify locations, continuing anyway:
* CAfile: /usr/share/ssl/certs/ca-bundle.crt
CApath: none
Access Server has stopped running. Starting a new instance.
Access Server started with pid: 6218
Successfully initialized the AAA Engine and its handlers.


Permissions of /usr/share/ssl/certs/ca-bundle.crt are correct.

The same curl code run as standalone program is successful and 'error setting certificate verify locations' is not displayed.

The stack trace from the core file produced by Access Server crash shows that a segmentation fault (SIGSEGV) occurs in function SSL_set_ssl_method:

(gdb) bt
#0 0x082051f7 in SSL_set_ssl_method ()
#1 0x08203fc0 in ssl_clear_internal ()
#2 0x08203ea8 in ssl_clear_internal ()
#3 0x08204904 in SSL_connect ()
#4 0x082048c8 in SSL_connect ()
#5 0x0032a712 in Curl_SSLConnect () from /usr/lib/libcurl.so.3
#6 0x0031cb23 in Curl_http_connect () from /usr/lib/libcurl.so.3
#7 0x003245ff in Curl_protocol_connect () from /usr/lib/libcurl.so.3
#8 0x00325491 in Curl_connect () from /usr/lib/libcurl.so.3
#9 0x0033238d in Curl_follow () from /usr/lib/libcurl.so.3
#10 0x003325b4 in Curl_perform () from /usr/lib/libcurl.so.3
#11 0x00332d02 in curl_easy_perform () from /usr/lib/libcurl.so.3
#12 0x00de4acb in post_and_receive_data () from /oracle/software/coreid/access/oblix/lib/orcl_plugin.so
#13 0x00de4c61 in ObAnPluginFn () from /oracle/software/coreid/access/oblix/lib/orcl_plugin.so
#14 0x0829c3c3 in ObAuthnDSOElem::CallPluginFn ()
#15 0x08181ccf in ObAuthenticationHandler::EvaluateCustomPlugin ()
#16 0x0816d4c4 in ObAuthenticationHandler::ExecutePlugin ()
#17 0x080f5fb5 in ObAuthenticationHandler::ExecuteStep ()
#18 0x08136d4b in ObAuthenticationHandler::Authenticate ()
#19 0x080b03c4 in ObAAAServiceServer::Authenticate ()
#20 0x080b407c in ObAAAServiceServer::AuthenticateWAudit ()
#21 0x0819434e in ObAuthenticateWAuditHandler ()
#22 0x0818b9df in handleMsg ()
#23 0x081a2fcb in ServiceThread::Run ()
#24 0x082ed82f in ObThread::ThreadFunc ()
#25 0x00c4ace1 in pthread_start_thread () from /lib/i686/libpthread.so.0
#26 0x009fed3a in clone () from /lib/i686/libc.so.6

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms