[Opendnssec-user] Bad signerd crash.

Mathieu Arnold mat at mat.cc
Fri Sep 20 10:41:14 UTC 2013


+--On 19 septembre 2013 09:06:16 +0200 Mathieu Arnold <mat at mat.cc> wrote:
| +--On 19 septembre 2013 08:16:25 +0200 Rickard Bellgrim
| <rickard at opendnssec.org> wrote:
||> Looking at the code (shared/hsm.c), it looks like hsm_find_key_by_id()
||> returns NULL, but libhsm does not provide an error. After a couple of
||> tries, the signer reports "key not found".
||> 
|| 
|| Could it be related to:
|| https://issues.opendnssec.org/browse/SOFTHSM-45
|| 
|| Most of the code in SoftHSM had protection against a busy database. But
|| there were examples where it wasn't. E.g. when opening the library at the
|| same time there was a lot of key generation.
| 
| Funny thing you said that... I just got :

And with the number of zones I have, ZSK rollovers do happen more than once
a day, and the signer signs something every 30 seconds or so on average.
So, I get this :

Sep 20 02:19:36 ns1 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id:
ca2fbfeac75d4883ecd8b66658c58063 in repository: SoftHSM-ZSK and database.
Sep 20 02:19:36 ns1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated
Sep 20 02:19:36 ns1 ods-enforcerd: Created key in repository SoftHSM-ZSK
Sep 20 02:19:36 ns1 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id:
0c6c42ff281dae875a804e9bf195cd0a in repository: SoftHSM-ZSK and database.
Sep 20 02:19:37 ns1 ods-signerd: [hsm] Open first session: CKR_GENERAL_ERROR
Sep 20 02:19:37 ns1 ods-signerd: [hsm] error signing rrset with libhsm
Sep 20 02:19:37 ns1 ods-signerd: [rrset] unable to sign RRset[6]:
lhsm_sign() failed
Sep 20 02:19:37 ns1 ods-signerd: [worker[3]] sign zone
dr-nguyen-appercel-lan-anh.chirurgiens-dentistes.fr failed: 1 RRsets failed
Sep 20 02:19:37 ns1 ods-signerd: [worker[3]] CRITICAL: failed to sign zone
dr-nguyen-appercel-lan-anh.chirurgiens-dentistes.fr: General error
Sep 20 02:19:37 ns1 ods-signerd: [worker[3]] backoff task [sign] for zone
dr-nguyen-appercel-lan-anh.chirurgiens-dentistes.fr with 60 seconds
Sep 20 02:19:37 ns1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated
Sep 20 02:19:37 ns1 ods-enforcerd: Created key in repository SoftHSM-ZSK
Sep 20 02:19:37 ns1 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id:
b7387e9f827417e4fe2dd90a3716b6a7 in repository: SoftHSM-ZSK and database.

A lot :-/

-- 
Mathieu Arnold



More information about the Opendnssec-user mailing list