HP-UX Trusted Computing Services A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Trusted Computing Services (TCS) Software

2008.07.18 09:42:17 LOG3[13057:1]: error stack: 25070067 : error:25070067:DSO su

pport routines:DSO_load:could not load the shared library

2008.07.18 09:42:17 LOG3[13057:1]: ENGINE_ctrl_cmd_string: 25066067: error:25066

067:DSO support routines:DLFCN_LOAD:could not load the shared library

Action

Verify the library specified in the engineCtrl=SO_PATH statement in the Stunnel configuration

file. See “Step 3: Specifying Engine Information for the Application” (page 45) for sample engine

and enginectrl entries.

Message: no start line

Stunnel cannot process the key file and displays messages similar to the following:

2008.07.18 15:30:11 LOG7[19693:1]: Key file: /opt/stunnel/foo1blob^M

2008.07.18 15:30:11 LOG3[19693:1]: error stack: 140B3009 : error:140B3009:SSL ro

utines:SSL_CTX_use_RSAPrivateKey_file:PEM lib

2008.07.18 15:30:11 LOG3[19693:1]: SSL_CTX_use_RSAPrivateKey_file: 906D06C: erro

r:0906D06C:PEM routines:PEM_read_bio:no start line

Action

Stunnel displays this message if it cannot process the key file (the file specified by the key

parameter in the Stunnel configuration file). In this example, it is attempting to use the PEM

library to process the key file. This usually indicates that Stunnel did not load the TPM OpenSSL

library because of problems with the engine or enginectrl parameters in the Stunnel

configuration file. See “Step 3: Specifying Engine Information for the Application” (page 45) for

sample engine and enginectrl entries.

Message: tpm engine:TPM_ENGINE_LOAD_KEY:request failed

The TPM OpenSSL engine cannot process the key file and displays messages similar to the

following:

2008.07.18 09:47:18 LOG7[13168:1]: Key file: /opt/stunnel/myblob

2008.07.18 09:47:21 LOG3[13168:1]: error stack: 26096080 : error:26096080:engine

routines:ENGINE_load_private_key:failed loading private key

2008.07.18 09:47:21 LOG3[13168:1]: ENGINE_load_private_key: 8806F06D: error:8806

F06D:tpm engine:TPM_ENGINE_LOAD_KEY:request failed

Action

Verify that the file specified by the key parameter in the Stunnel configuration file is a key file

created by tpmcreate.

Troubleshooting TCS Operation with HP-UX Secure Shell

You should see the following message when the sshd daemon starts:

# /sbin/init.d/secsh start

HP-UX Secure Shell started

To verify that sshd is using the TPM OpenSSL engine, start sshd in the foreground (-D) and

enable debugging (-d). The sshd daemon displays messages similar to the following:

debug1: Config token is enginehostrsakey

debug1: Config token is engineconfigfile

debug1: Config token is engineconfigsection

debug1: key_load_engine_private() done: type RSA

debug1: engine key load attempted, index: #0

debug1: private host key: #0 type 1 RSA

The daemon also displays these messages when clients attempt to start an SSH session to the

system.

82 TCS Troubleshooting and Known Issues