14 November,16 at 08:47 AM
Applies to: Centrify DirectControl Suite 2016 (5.3.0) or below
Question:
OpenSSL crashes with messages “unhandled signal 4” appears in /var/log/messages after installed Centrify onto the machine as shown below:
Mar 09 12:16:26 rkanshpc1ems adcert[15598]: WARN cli.adcert No certificate templates were found
Mar 09 12:16:27 rkanshpc1ems kernel: openssl[15859]: unhandled signal 4 at 00003fffb62b0000 nip 00003fffb62b0000 lr 00003fffb63a5564 code 30001
Mar 09 12:16:27 rkanshpc1ems kernel: openssl[15884]: unhandled signal 4 at 00003fff83f20000 nip 00003fff83f20000 lr 00003fff84015564 code 30001
Solution:
The issue appears to be in OpenSSL library, BN (BigNumber) functions. OpenSSL 0.9.8X has been EOL'd, therefore openssl.org will not fix this. While Centrify has been upgraded to OpenSSL 1.0.2g in Suite 2016.1. Therefore, performing an upgrade on Centrify agent to Suite 2016.1 or above should resolve the issue.
Workaround:
If upgrading is not an option, as Centrify will only triggers OpenSSL process from the following perl script:
/usr/share/centrifdc/sbin/get_crl.pl
/usr/share/centrifydc/mappers/machine/certgp.pl
/usr/share/centrifydc/mappers/machine/rhel_certgp.pl
Therefore, if auto-enrollment of certificates and Smart Card support are not being used by the machine, we will suggest disabling the adcert process with the following steps:
1) Run:
#cd /usr/share/centrifydc/mappers/machine
2) Disable the execution mode of the following script:
- certgp.pl
3) Run:
#adgpupdate
4) Check to see if the warning still appears