[strongSwan-dev] strongswan's openssl plugin causes wpa_supplicant to segfault
avesh.ncsu at gmail.com
Fri Oct 17 16:55:58 CEST 2014
On Fri, Oct 17, 2014 at 4:43 AM, Martin Willi <martin at strongswan.org> wrote:
> Hi Avesh,
> > strongswan's openssl plugin is deigned for multi-threaded environment,
> > wpa_supplicant uses non-threaded architecture. Both of these,
> > openssl pluging and wpa_supplicant uses openssl as their crypto and
> > TLS library.
> True, but unless you run these libraries in the same process, how is
> this a problem?
Isn't it the way it works when wpa_supplicant's tnc client loads any imc
(.so) so everything runs in the same process space?
> I'd guess for a different process each OpenSSL libcrypto
> instance should be usable independently?
There is only one wpa_supplicant process.
> Or is there some non-mainline code involved that uses wpa_supplicant
> from within strongSwan?
There is nothing ususal. wpa_supplicant loads strongswan's imcs from
/etc/tnc_config file. strongswan imc runs within wpa_supplicant process
space not the other way around. It might happen with other third party tnc
clients if they use strongswan's imc with a design similar to
> > I have created a very simple patch to address this issue which basically
> > disabling mult-thread uses in strongswan's openssl plugin when
> > wpa_supplicant is used.
> Disabling that multi-threading setup on strongSwan definitely will break
> the openssl plugin,
It does not disable mult-threading by default. In the patch, by default it
is true so strongswan operations are not affected at all. When someone uses
wpa_supplicant, one might disable multi-threading in openssl plugin by
> so I don't think this is an option, even as a
> As I said above, by default it is enabled and does not affect strongswan
at all, so might work as a work around.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev