[Openswan Users] FATAL ERROR: unable to malloc... after kernel update

Nels Lindquist nlindq at maei.ca
Wed Aug 20 16:08:58 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For posterity, in case anyone else encounters this...

On 8/18/2014 8:10 AM, Nels Lindquist wrote:
> I'm running OpenSWAN 2.6.41 on CentOS 6 (x86_64 arch).  Recently
> we rebooted our VPN endpoint after some updates (including a new
> kernel) and now IPSEC (particularly pluto) fails to start.
> 
> Here's the startup logs from /var/log/secure:
> 
[ SNIP ]
> Aug 16 21:17:55 yeggate pluto[42107]: FATAL ERROR: unable to
> malloc 9223372036854775807 bytes for CA cert
> 
> I tried rebuilding OpenSWAN against the new kernel headers, but it 
> didn't make any difference.

I turned up the logging on plutodebug and noticed that the error
occurred while trying to parse /etc/ipsec.d/cacerts.  I switched to
using NSS and removed /cacerts entirely, and now everything appears to
be working as usual.


- -- 
Nels Lindquist
<nlindq at maei.ca>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)

iEYEARECAAYFAlP1AFkACgkQh6z5POoOLgSjEgCfcFyoolyy0UoiYISdUsFNfo5q
VHsAn0VHkpJWIWUbdKXu9WaNrNVQXPv4
=g7B/
-----END PGP SIGNATURE-----


More information about the Users mailing list