1

I'm finding that a few commands (for now dig and nslookup) that fail no matter what with the following output:

19-Jan-2016 15:01:50.219 ENGINE_by_id failed (crypto failure) 19-Jan-2016 15:01:50.219 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost dig: dst_lib_init: crypto failure

Even stuff like dig -h results in this, so I guess this happens before the actual command execution starts

I remember these commands used to work, but they're not something I used very often, so I can't exactly pinpoint the origin

I can, however, say that I have messed with ssl options recently. Particularly, I was having problems handling GPG keys, and had to run export OPENSSL_CONF=/etc/ssl/openssl.cnf in order to make it work I also found this issue, which seems to be similar. But that project has nothing to do with what I'm doing, and their solution (unsetting OPENSSL_CONF) did not work for me

EDIT: I'm running Arch Linux. The only change I did regarding OpenSSL configurations was running export OPENSSL_CONF=/etc/ssl/openssl.cnf which I needed to use gpg, but I already tried unsetting that

Running unset OPENSSL_CONF; dig -h results in the same output

Improve this question
13
  • It might help to give more information, i.e. which OS and what changes you made to your ssl options. Can you provide the output of ldd /usr/bin/dig? Also, what happens if you do unset OPENSSL_CONF; dig -h Commented Jan 22, 2016 at 3:33
  • This sounds like a version mismatch between the libssl library dig was compiled against and the version that's actually installed. Try strace -ffF -s200 dig 2>&1 | fgrep gost; it should try to load it from somewhere like /usr/lib/i386-linux-gnu/openssl-1.0.2/engines/libgost.so but it's probably not there. Commented Jan 22, 2016 at 21:29
  • @AndrásKorn that strace just gave me a similar output [pid 5688] write(2, "25-Jan-2016 09:19:18.075 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost\n", 10725-Jan-2016 09:19:18.075 error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:389:id=gost I looked for a libgost.so and I found it in both /usr/lib/engines/libgost.so and /usr/lib32/engines/libgost.so. @vik I'll update the post with the info you requested Commented Jan 25, 2016 at 9:22
  • Well, this is what it's supposed to print: [pid 15583] open("/usr/lib/x86_64-linux-gnu/openssl-1.0.2/engines/libgost.so", O_RDONLY|O_CLOEXEC) = 6 -- so for some reason it doesn't even try to load the library on your system. Just out of curiosity, what happens if you do LD_PRELOAD=/usr/lib/engines/libgost.so dig? Commented Jan 25, 2016 at 10:11
  • @AndrásKorn I get the exact same error message :( Commented Jan 25, 2016 at 15:20

1 Answer 1

Reset to default
2
+50

Run : ldd $( which dig) | grep crypto, this will show you which crypto lib you're using at the moment. If this is different than expected one (usually openssl) you have few options :

  1. Remove the lib which interferes
  2. Modify LDD_LIBARY_PATH env variable, and point to the openssl lib location
  3. Fix the problem by removing unwanted library' location from /etc/ld.so.conf and /etc/ld.so.cond.d/* files. Running ldconfig afterwards. Warning : this will most probably break application using it.
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.