Data Backup and Recovery

SnapCreator 4.1.0 CLI doesn´t work

volker_albrecht

Hello,

I´ve installed SnapCreator 4.1.0 on a VM with SlES11 SP 1 and I can work with it only via the GUI, via CLI it doesn´t work. Java is installed, the sym-links under /usr/lib64 are created, but when I start a comand, it hangs.

I installed it on a other VM, with the same OS, here it runs.

Regards

V. Albrecht

1 ACCEPTED SOLUTION

sivar

Thank you for the details.


I found this bug https://rt.cpan.org/Public/Bug/Display.html?id=81575

Looks like version "# openssl version OpenSSL 0.9.8j-fips 07 Jan 2009" has some issues.

Could you please try upgrading to openssl-0.9.8r available here. (Choose your platform)

http://download.opensuse.org/repositories/security:/fips/SLE_11/x86_64/

Thanks,
Siva Ramanathan

View solution in original post

8 REPLIES 8

sivar

May I know the below details?

ls -la /lib | grep libssl

ls -la /lib | grep libcrypto

ls -la /usr/lib64 | grep libssl

ls -la /usr/lib64 | grep libcrypto

which openssl

openssl version

openssl ciphers

You may also try doing this. Remove the below two files and try running your CLI again.

rm /usr/lib64/.libcrypto.so.6.hmac

rm /usr/lib64/.libssl.so.6.hmac

Note: The .hmac files contain hashes of /usr/lib64/libcrypto.so.6 and /usr/lib64/libssl.so.6 used for FIPS compliance.

volker_albrecht

Hello Siva,

here the infos:

from the server, that dosen´t work:

# ls -la /lib | grep libssl*

lrwxrwxrwx  1 root root      12 Sep 27  2010 libss.so.2 -> libss.so.2.0

-rwxr-xr-x  1 root root   22216 May  8  2010 libss.so.2.0

# ls -la /lib | grep libcryp*

-rwxr-xr-x  1 root root   59517 Apr 13  2012 libcrypt-2.11.1.so

lrwxrwxrwx  1 root root      18 May  6  2012 libcrypt.so.1 -> libcrypt-2.11.1.so

# ls -la /usr/lib64 | grep libssl*

-rw-r--r--  1 root root       65 Jul 10  2012 .libssl.so.0.9.8.hmac

lrwxrwxrwx  1 root root       16 May  6  2012 libssh2.so.1 -> libssh2.so.1.0.1

-rwxr-xr-x  1 root root   159064 Apr 13  2012 libssh2.so.1.0.1

-rw-r--r--  1 root root  3800398 Jul 10  2012 libssl.a

lrwxrwxrwx  1 root root       15 Feb 13 13:34 libssl.so -> libssl.so.0.9.8

-r-xr-xr-x  1 root root   343040 Jul 10  2012 libssl.so.0.9.8

lrwxrwxrwx  1 root root       15 Nov  9  2011 libssl.so.6 -> libssl.so.0.9.8

# ls -la /usr/lib64 | grep libcryp*

-rw-r--r--  1 root root       65 Jul 10  2012 .libcrypto.so.0.9.8.hmac

-rw-r--r--  1 root root   244412 Apr 13  2012 libcrypt.a

lrwxrwxrwx  1 root root       20 May  6  2012 libcrypt.so -> /lib64/libcrypt.so.1

-rw-r--r--  1 root root 16026996 Jul 10  2012 libcrypto.a

lrwxrwxrwx  1 root root       18 Feb 13 13:34 libcrypto.so -> libcrypto.so.0.9.8

-r-xr-xr-x  1 root root  1685176 Jul 10  2012 libcrypto.so.0.9.8

lrwxrwxrwx  1 root root       18 Nov  9  2011 libcrypto.so.6 -> libcrypto.so.0.9.8

# openssl version

OpenSSL 0.9.8j-fips 07 Jan 2009

# openssl ciphers

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5

And here the other one:

#  ls -la /lib | grep libssl*

lrwxrwxrwx  1 root root      12 Jan 31 11:45 libss.so.2 -> libss.so.2.0

-rwxr-xr-x  1 root root   22216 May  8  2010 libss.so.2.0

# ls -la /lib | grep libcryp*

-rwxr-xr-x  1 root root   59329 May  6  2010 libcrypt-2.11.1.so

lrwxrwxrwx  1 root root      18 Jan 31 11:44 libcrypt.so.1 -> libcrypt-2.11.1.so

#  ls -la /usr/lib64 | grep libssl*

lrwxrwxrwx   1 root root       16 Jan 31 11:45 libssh2.so.1 -> libssh2.so.1.0.0

-rwxr-xr-x   1 root root   146840 Jun 18  2009 libssh2.so.1.0.0

-r-xr-xr-x   1 root root   342880 May  5  2010 libssl.so.0.9.8

lrwxrwxrwx   1 root root       15 Feb 18 09:34 libssl.so.6 -> libssl.so.0.9.8

-rwxr-xr-x   1 root root   238424 Apr  6  2010 libssl3.so

# ls -la /usr/lib64 | grep libcryp*

-r-xr-xr-x   1 root root  1538896 May  5  2010 libcrypto.so.0.9.8

lrwxrwxrwx   1 root root       18 Feb 18 09:35 libcrypto.so.6 -> libcrypto.so.0.9.8

# openssl version

OpenSSL 0.9.8h 28 May 2008

# openssl ciphers

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:CAMELLIA128-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5

I also remove the links to .libcrypto.so.6.hmac and .libssl.so.6.hmac, but it doesn´t work.

Regards

V. Albrecht

sivar

Thank you for the details.


I found this bug https://rt.cpan.org/Public/Bug/Display.html?id=81575

Looks like version "# openssl version OpenSSL 0.9.8j-fips 07 Jan 2009" has some issues.

Could you please try upgrading to openssl-0.9.8r available here. (Choose your platform)

http://download.opensuse.org/repositories/security:/fips/SLE_11/x86_64/

Thanks,
Siva Ramanathan

View solution in original post

volker_albrecht

Hello Siva,

I´ve update the openssl-package and now it works.

Thanks.

V. Albrecht

sivar

Dear Volker,

Could you please provide me with the below outputs?

java -fullversion

java -version

cat /etc/ld.so.preload

strace -v java -version 

Is /usr a separate mount point?

Thanks,

Siva Ramanathan

volker_albrecht

Hey Siva,

here are the infos, /usr isn´t a seperate mout, its a part of the root-volume.

Regards

V. Albrecht

sivar

My colleague just reminded me that it is a CLI issue.

We know SP1 and SP2 versions are tested and qualified.

I will look into this further.

Thanks,
Siva Ramanathan

sivar

Dear V. Albrecht,

The one that is not working seems to be of  java version 1.7.0_51

What I am finding is there are some strict security measures on java version 1.7.0_51

Is it possible for you to try with a lower Java version? (like Java 1.6 update 25 or Java 1.7 update 25)

I am just picking a random version -- you could choose anything lesser than 1.7.0_51 and try.

I am asking my QA team to look into this as well.

Thanks,

Siva Ramanathan

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public