[erlang-questions] Erlang Crypto R16+ and Centos 6.4+ incompatibility

Evgeny M <>
Tue Dec 17 10:52:40 CET 2013


Yeah, I see
Seems like the latest openssl does not announce anymore elliptic curves 
which are not supported. And crypto fails to start even if it does not use 
these curves.
I'd say this is quite serious problem, as about half of cheap VPS/Dedicated 
servers are run on Centos - this is the only distro supported by CPanel 
afaik. Suddenly as more and more hosting companies start roll on the latest 
Centos, their clients will not be able to use recent erlang with crypto no 
more.

I think crypto should be patched so that it could be started even if some 
functionality from openssl is not available.


вторник, 17 декабря 2013 г., 4:20:48 UTC+4 пользователь Matt Lewandowsky 
написал:
>
> The RHEL OpenSSL changes have been a subject of conversation on a variety 
> of lists lately.
>
>  
>
> http://rhn.redhat.com/errata/RHBA-2013-1751.html is (I believe) the 
> appropriate errata for what you are seeing and Red Hat’s current packages 
> should correct it. If CentOS has the same packages as what is available via 
> RHN, it might be interesting to know what happens if you roll back your 
> OpenSSL package a month or so (to before the FIPS changes). It’s entirely 
> possible that there are still issues which need RH Bugzilla entries.
>
>  
>
> I haven’t built Erlang on an RHEL 6 clone since the OpenSSL changes have 
> occurred. However, crypto seemed to work fine the last time I did. (I’d say 
> about 6 weeks ago.)
>
>  
>
> --Matt
>
>  
>
> -- 
>
> Matt Lewandowsky
>
> Big Geek
>
> Greenviolet
>
>  <javascript:> http://www.greenviolet.net
>
> +1 415 578 5782 (US) +44 844 484 8254 (UK)
>
>  
>
> *From:*  <javascript:> [mailto:
>  <javascript:>] *On Behalf Of *John Doe
> *Sent:* Monday, 16 December, 2013 14:39
> *To:*  <javascript:>
> *Subject:* [erlang-questions] Erlang Crypto R16+ and Centos 6.4+ 
> incompatibility
>
>  
>
> At the moment it is impossible to run crypto app from Erlang R16+ on 
> recent Centos versions (6.4 or newer) and likely on newer versions of 
> Fedora and RHEL as well.
>
> openssl 1.0.1 is installed.
>
>  
>
> Unable to load crypto library. Failed with error:
>
> "load_failed, Failed to load NIF library: 'crypto.so: undefined symbol: 
> EC_GROUP_new_curve_GF2m'"
>
>  
>
>  
>
> Crypto from R15B03 works with no problems
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20131217/110792c1/attachment.html>


More information about the erlang-questions mailing list