My Oracle Support Banner

Changing OpenSSL mediator to fips version breaks the pkg/beadm commands (Doc ID 2832302.1)

Last updated on JANUARY 11, 2022

Applies to:

Solaris Operating System - Version 11.4 to 11.4 [Release 11.0]
Information in this document applies to any platform.

Symptoms

 Changing OpenSSL mediator to any fips version of the OpenSSL package that isn't installed, results in completely breaking pkg/beadm commands

root@:~# pkg set-mediator -I fips openssl
Packages to change: 6
Mediators to change: 1
Create boot environment: No
Create backup boot environment: Yes
PHASE ITEMS
Removing old actions 40/40
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 2/2

OR

root@:~# pkg set-mediator -I fips-140 openssl
Packages to change: 5
Mediators to change: 1
Create boot environment: No
Create backup boot environment: Yes
PHASE ITEMS
Removing old actions 22/22
Updating modified actions 20/20
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 2/2
root@:~#

root@:~# pkg mediator
Traceback (most recent call last):
File "/usr/bin/pkg", line 82, in <module>
import pkg.actions as actions
File "/usr/lib/python3.7/vendor-packages/pkg/actions/__init__.py", line 68, in <module>
globals(), locals(), [modname])
File "/usr/lib/python3.7/vendor-packages/pkg/actions/hardlink.py", line 33, in <module>
from . import generic, link
File "/usr/lib/python3.7/vendor-packages/pkg/actions/generic.py", line 49, in <module>
import pkg.variant as variant
File "/usr/lib/python3.7/vendor-packages/pkg/variant.py", line 36, in <module>
from pkg.misc import EmptyI
File "/usr/lib/python3.7/vendor-packages/pkg/misc.py", line 32, in <module>
import OpenSSL.crypto as osc
File "/usr/lib/python3.7/vendor-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
File "/usr/lib/python3.7/vendor-packages/OpenSSL/crypto.py", line 16, in <module>
from OpenSSL._util import (
File "/usr/lib/python3.7/vendor-packages/OpenSSL/_util.py", line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
File "/usr/lib/python3.7/vendor-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: ld.so.1: python3.7: relocation error: file /usr/lib/python3.7/vendor-packages/cryptography/hazmat/bindings/_openssl.abi3.so: symbol d2i_OCSP_REQUEST: referenced symbol not found
root@:~#

root@:~# beadm list
Traceback (most recent call last):
File "/usr/sbin/beadm", line 16, in <module>
from bemgmt import cli
File "/usr/lib/python3.7/vendor-packages/bemgmt/__init__.py", line 45, in <module>
from bemgmt.be import USERPROP_ZONE_PARENTBE, ALLOWED_POLICIES, \
File "/usr/lib/python3.7/vendor-packages/bemgmt/be.py", line 22, in <module>
from bemgmt.utils import get_be_pool_and_name, get_mountpoint_from_vfstab, \
File "/usr/lib/python3.7/vendor-packages/bemgmt/utils.py", line 20, in <module>
from bemgmt.zfs_rad import ZfsRad
File "/usr/lib/python3.7/vendor-packages/bemgmt/zfs_rad.py", line 17, in <module>
import rad.connect as radcon
File "/usr/lib/python3.7/vendor-packages/rad/connect.py", line 22, in <module>
import ssl
File "/usr/lib/python3.7/ssl.py", line 98, in <module>
import _ssl # if we can't import it, let the error propagate
ImportError: ld.so.1: python3.7: relocation error: file /usr/lib/python3.7/lib-dynload/_ssl.cpython-37m.so: symbol GENERAL_NAME_free: referenced symbol not found
root@:~#

root@:~# svcs -xv
svc:/application/pkg/system-repository:default (IPS System Repository)
State: maintenance since Wed Jan 5 18:52:50 2022
Reason: Method failed.
See: http://support.oracle.com/msg/SMF-8000-8Q
See: man -M /usr/share/man -s 8 pkg.sysrepo
See: /var/svc/log/application-pkg-system-repository:default.log
Impact: This service is not running.

#cat /var/svc/log/application-pkg-system-repository:default.log

Traceback (most recent call last):
File "/usr/lib/pkg.sysrepo", line 50, in <module>
from pkg.misc import msg, PipeError
File "/usr/lib/python3.7/vendor-packages/pkg/misc.py", line 32, in <module>
import OpenSSL.crypto as osc
File "/usr/lib/python3.7/vendor-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
File "/usr/lib/python3.7/vendor-packages/OpenSSL/crypto.py", line 16, in <module>
from OpenSSL._util import (
File "/usr/lib/python3.7/vendor-packages/OpenSSL/_util.py", line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
File "/usr/lib/python3.7/vendor-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: ld.so.1: python3.7: relocation error: file /usr/lib/python3.7/vendor-packages/cryptography/hazmat/bindings/_openssl.abi3.so: symbol d2i_OCSP_REQUEST: referenced symbol not found
pkg.sysrepo: failed to create Apache configuration
[ 2022 Jan 5 18:52:50 Method "refresh" exited with status 95. ]
root@:~#

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.