[stunnel-users] Problems with stunnel segfaulting on every connection

Hello,

I’m running into a problem with stunnel segfaulting on me. I’m not sure if it’s a NetBSD problem or an stunnel problem. The following combinations work:

NetBSD-10.0/stunnel 5.57 Debian/stunnel 5.50 Fedora/stunnel 5.72

Unfortunately, what doesn’t work for me is:

NetBSD-10.0/stunnel 5.71 (or 5.7.2) NetBSD-9.x/stunnel 5.71

It looks like stunnel is doing something related to OCSP and the response causes it to crash. The certificate is a wildcard for my domain, bigjar.com. Here’s a snippet of the output right before the segfault:

2024.08.04 13:47:35 LOG7[0]: SNI: no virtual services defined 2024.08.04 13:47:35 LOG7[0]: OCSP stapling: Server callback called 2024.08.04 13:47:35 LOG6[0]: OCSP: The root CA certificate was not found 2024.08.04 13:47:35 LOG5[0]: OCSP: Connecting the AIA responder "http://e5.o.lencr.org" Segmentation fault (core dumped)

I rolled back to an earlier certificate issued by sectigo and got the same result:

2024.08.05 15:11:01 LOG7[0]: OCSP stapling: Server callback called 2024.08.05 15:11:01 LOG5[0]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com"

There were some issues getting stunnel to run with the correct version of OpenSSL (the “pkgsrc” version), but those have been fixed. Any suggestions are greatly appreciated!

Thanks,

Jason M.

Full /usr/pkg/etc/stunnel/stunnel.conf —————————————————— foreground = yes debug = 7 CAPath = /etc/openssl/certs

[imaps] accept  = 993 connect = 10.100.0.75:143 cert = /path/wildcard.bigjar.com.pem OCSPaia = no

Full stunnel output:

2024.08.05 15:22:13 LOG6[ui]: Initializing inetd mode configuration 2024.08.05 15:22:13 LOG7[ui]: Clients allowed=500 2024.08.05 15:22:13 LOG5[ui]: stunnel 5.71 on x86_64--netbsd platform 2024.08.05 15:22:13 LOG5[ui]: Compiled/running with OpenSSL 3.3.1 4 Jun 2024 2024.08.05 15:22:13 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP 2024.08.05 15:22:13 LOG7[ui]: errno: (*__errno()) 2024.08.05 15:22:13 LOG6[ui]: Initializing inetd mode configuration 2024.08.05 15:22:13 LOG5[ui]: Reading configuration from file /usr/pkg/etc/stunnel/stunnel.conf 2024.08.05 15:22:13 LOG5[ui]: UTF-8 byte order mark not detected 2024.08.05 15:22:13 LOG6[ui]: Compression disabled 2024.08.05 15:22:13 LOG7[ui]: No PRNG seeding was required 2024.08.05 15:22:13 LOG6[ui]: Initializing service [imaps] 2024.08.05 15:22:13 LOG7[ui]: Initializing context [imaps] 2024.08.05 15:22:13 LOG6[ui]: OpenSSL security level is used: 2 2024.08.05 15:22:13 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK 2024.08.05 15:22:13 LOG7[ui]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 2024.08.05 15:22:13 LOG7[ui]: TLS options: 0x2100000 (+0x0, -0x0) 2024.08.05 15:22:13 LOG6[ui]: Session resumption enabled 2024.08.05 15:22:13 LOG6[ui]: Loading certificate from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG6[ui]: Certificate loaded from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG6[ui]: Loading private key from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG6[ui]: Private key loaded from file: /usr/local/certs/wildcard.bigjar.com.20210406.pem 2024.08.05 15:22:13 LOG7[ui]: Private key check succeeded 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, O=FNMT-RCM, OU=Ceres, organizationIdentifier=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Commercial 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Networking 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Premium 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Amazon, CN=Amazon Root CA 4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=Atos TrustedRoot 2011, O=Atos, C=DE 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Certainly, CN=Certainly Root E1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Certainly, CN=Certainly Root R1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=FR, O=Dhimyotis, CN=Certigna 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=FR, O=Dhimyotis, OU=0002 48146308100036, CN=Certigna Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum EC-384 CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Asseco Data Systems S.A., OU=Certum Certification Authority, CN=Certum Trusted Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust ECC Root-01 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust ECC Root-02 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust RSA Root-01 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=CommScope, CN=CommScope Public Trust RSA Root-02 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST BR Root CA 1 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST EV Root CA 1 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="DigiCert, Inc.", CN=DigiCert TLS ECC P384 Root G5 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="DigiCert, Inc.", CN=DigiCert TLS RSA4096 Root G5 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - EC1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2009 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.", CN=GDCA TrustAUTH R5 ROOT 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=AT, O=e-commerce monitoring GmbH, CN=GLOBALTRUST 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Google Trust Services LLC, CN=GTS Root R4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root E46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Root R46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS ECC Root CA 2021 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, O=Hellenic Academic and Research Institutions CA, CN=HARICA TLS RSA Root CA 2021 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O="Chunghwa Telecom Co., Ltd.", CN=HiPKI Root CA - G1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Internet Security Research Group, CN=ISRG Root X1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Internet Security Research Group, CN=ISRG Root X2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=ES, O=IZENPE S.A., CN=Izenpe.com 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, emailAddress=info@e-szigno.hu 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Microsoft Corporation, CN=Microsoft ECC Root Certificate Authority 2017 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GC CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="Japan Certification Services, Inc.", CN=SecureSign RootCA11 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SSL Corporation, CN=SSL.com TLS RSA Root CA 2022 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root E46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SecureTrust Corporation, CN=SecureTrust CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O=SecureTrust Corporation, CN=Secure Global CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=Security Communication ECC RootCA1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=Security Communication RootCA3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS ECC Root 2020 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=DE, O=Deutsche Telekom Security GmbH, CN=Telekom Security TLS RSA Root 2023 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: O=TeliaSonera, CN=TeliaSonera Root CA v1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="TrustAsia Technologies, Inc.", CN=TrustAsia Global Root CA G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="TrustAsia Technologies, Inc.", CN=TrustAsia Global Root CA G4 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Illinois, L=Chicago, O="Trustwave Holdings, Inc.", CN=Trustwave Global Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Illinois, L=Chicago, O="Trustwave Holdings, Inc.", CN=Trustwave Global ECC P256 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=Illinois, L=Chicago, O="Trustwave Holdings, Inc.", CN=Trustwave Global ECC P384 Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=UniTrust, CN=UCA Extended Validation Root 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O=UniTrust, CN=UCA Global G2 Root 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=RO, O=certSIGN, OU=certSIGN ROOT CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=RO, O=CERTSIGN SA, OU=certSIGN ROOT CA G2 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=HU, L=Budapest, O=Microsec Ltd., organizationIdentifier=VATHU-23584497, CN=e-Szigno Root CA 2017 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="iTrusChina Co.,Ltd.", CN=vTrus ECC Root CA 2024.08.05 15:22:13 LOG6[ui]: Configured trusted client CA: C=CN, O="iTrusChina Co.,Ltd.", CN=vTrus Root CA 2024.08.05 15:22:13 LOG7[ui]: OCSP: Server OCSP stapling enabled 2024.08.05 15:22:13 LOG6[ui]: DH initialization skipped: no DH ciphersuites 2024.08.05 15:22:13 LOG7[ui]: ECDH initialization 2024.08.05 15:22:13 LOG7[ui]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384 2024.08.05 15:22:13 LOG5[ui]: Configuration successful 2024.08.05 15:22:13 LOG7[ui]: Deallocating deployed section defaults 2024.08.05 15:22:13 LOG7[ui]: Cleaning up context [stunnel] 2024.08.05 15:22:13 LOG7[ui]: Binding service [imaps] 2024.08.05 15:22:13 LOG7[ui]: Listening file descriptor created (FD=9) 2024.08.05 15:22:13 LOG7[ui]: Setting accept socket options (FD=9) 2024.08.05 15:22:13 LOG7[ui]: Option SO_REUSEADDR set on accept socket 2024.08.05 15:22:13 LOG6[ui]: Service [imaps] (FD=9) bound to :::993 2024.08.05 15:22:13 LOG7[ui]: Listening file descriptor created (FD=10) 2024.08.05 15:22:13 LOG7[ui]: Setting accept socket options (FD=10) 2024.08.05 15:22:13 LOG7[ui]: Option SO_REUSEADDR set on accept socket 2024.08.05 15:22:13 LOG6[ui]: Service [imaps] (FD=10) bound to 0.0.0.0:993 2024.08.05 15:22:13 LOG7[ui]: No pid file being created 2024.08.05 15:22:13 LOG6[ui]: Accepting new connections 2024.08.05 15:22:13 LOG7[per-second]: Per-second thread initialized 2024.08.05 15:22:13 LOG7[per-day]: Per-day thread initialized 2024.08.05 15:22:13 LOG6[per-day]: Executing per-day jobs 2024.08.05 15:22:13 LOG6[per-day]: Per-day jobs completed in 0 seconds 2024.08.05 15:22:13 LOG7[per-day]: Waiting 86400 seconds 2024.08.05 15:22:34 LOG7[ui]: Found 1 ready file descriptor(s) 2024.08.05 15:22:34 LOG7[ui]: FD=4 events=0x1 revents=0x0 2024.08.05 15:22:34 LOG7[ui]: FD=9 events=0x1 revents=0x0 2024.08.05 15:22:34 LOG7[ui]: FD=10 events=0x1 revents=0x1 2024.08.05 15:22:34 LOG7[ui]: Service [imaps] accepted (FD=3) from 192.168.10.127:50130 2024.08.05 15:22:34 LOG7[0]: Service [imaps] started 2024.08.05 15:22:34 LOG7[0]: Setting local socket options (FD=3) 2024.08.05 15:22:34 LOG7[0]: Option TCP_NODELAY set on local socket 2024.08.05 15:22:34 LOG5[0]: Service [imaps] accepted connection from 192.168.10.127:50130 2024.08.05 15:22:34 LOG6[0]: Peer certificate not required 2024.08.05 15:22:34 LOG7[0]: TLS state (accept): before SSL initialization 2024.08.05 15:22:34 LOG7[0]: TLS state (accept): before SSL initialization 2024.08.05 15:22:34 LOG7[0]: Initializing application specific data for session authenticated 2024.08.05 15:22:34 LOG7[0]: SNI: no virtual services defined 2024.08.05 15:22:34 LOG7[0]: OCSP stapling: Server callback called 2024.08.05 15:22:34 LOG5[0]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com" Segmentation fault (core dumped)

uname -a from the clean NetBSD 10.0 install ——————————————————————— NetBSD Thundercats.virtual.bigjar.com 10.0 NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64

dmesg from the same system ——————————— [     1.000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, [     1.000000]     2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, [     1.000000]     2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, [     1.000000]     2024 [     1.000000]     The NetBSD Foundation, Inc.  All rights reserved. [     1.000000] Copyright (c) 1982, 1986, 1989, 1991, 1993 [     1.000000]     The Regents of the University of California. All rights reserved. [     1.000000] NetBSD 10.0 (GENERIC) #0: Thu Mar 28 08:33:33 UTC 2024 [     1.000000] mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC [     1.000000] total memory = 2047 MB [     1.000000] avail memory = 1953 MB [     1.000000] timecounter: Timecounters tick every 10.000 msec [     1.000000] Kernelized RAIDframe activated [     1.000000] timecounter: Timecounter "i8254" frequency 1193182 Hz quality 100 [     1.000004] mainbus0 (root) [     1.000004] ACPI: RSDP 0x00000000000F5220 000014 (v00 BOCHS ) [     1.000004] ACPI: RSDT 0x000000007FFE3036 000038 (v01 BOCHS BXPC     00000001 BXPC 00 [     1.000004] ACPI: FACP 0x000000007FFE2E08 000074 (v01 BOCHS BXPC     00000001 BXPC 00 [     1.000004] ACPI: DSDT 0x000000007FFDF040 003DC8 (v01 BOCHS BXPC     00000001 BXPC 0 [     1.000004] ACPI: FACS 0x000000007FFDF000 000040 [     1.000004] ACPI: APIC 0x000000007FFE2E7C 000090 (v03 BOCHS BXPC     00000001 BXPC 00 [     1.000004] ACPI: SSDT 0x000000007FFE2F0C 0000CA (v01 BOCHS VMGENID  00000001 BXPC [     1.000004] ACPI: HPET 0x000000007FFE2FD6 000038 (v01 BOCHS BXPC     00000001 BXPC 00 [     1.000004] ACPI: WAET 0x000000007FFE300E 000028 (v01 BOCHS BXPC     00000001 BXPC 00 [     1.000004] ACPI: 2 ACPI AML tables successfully acquired and loaded [     1.000004] ioapic0 at mainbus0 apid 0: pa 0xfec00000, version 0x11, 24 pins [     1.000004] cpu0 at mainbus0 apid 0 [     1.000004] cpu0: Use lfence to serialize rdtsc [     1.000004] cpu0: Intel(R) Xeon(R) CPU           L5420  @ 2.50GHz, id 0x1067a [     1.000004] cpu0: node 0, package 0, core 0, smt 0 [     1.000004] cpu1 at mainbus0 apid 1 [     1.000004] cpu1: Intel(R) Xeon(R) CPU           L5420  @ 2.50GHz, id 0x1067a [     1.000004] cpu1: node 0, package 0, core 1, smt 0 [     1.000004] cpu2 at mainbus0 apid 2 [     1.000004] cpu2: Intel(R) Xeon(R) CPU           L5420  @ 2.50GHz, id 0x1067a [     1.000004] cpu2: node 0, package 1, core 0, smt 0 [     1.000004] cpu3 at mainbus0 apid 3 [     1.000004] cpu3: Intel(R) Xeon(R) CPU           L5420  @ 2.50GHz, id 0x1067a [     1.000004] cpu3: node 0, package 1, core 1, smt 0 [     1.000004] acpi0 at mainbus0: Intel ACPICA 20221020 [     1.000004] acpi0: X/RSDT: OemId <BOCHS ,BXPC ,00000001>, AslId <BXPC,00000001> [     1.000004] LNKS: ACPI: Found matching pin for 0.1.INTA at func 3: 9 [     1.000004] LNKD: ACPI: Found matching pin for 0.1.INTD at func 2: 11 [     1.000004] LNKC: ACPI: Found matching pin for 0.3.INTA at func 0: 11 [     1.000004] LNKA: ACPI: Found matching pin for 0.5.INTA at func 0: 10 [     1.000004] LNKB: ACPI: Found matching pin for 0.18.INTA at func 0: 10 [     1.000004] LNKB: ACPI: Found matching pin for 0.30.INTA at func 0: 10 [     1.000004] LNKC: ACPI: Found matching pin for 0.31.INTA at func 0: 11 [     1.000004] acpi0: SCI interrupting at int 9 [     1.000004] acpi0: fixed power button present [     1.000004] timecounter: Timecounter "ACPI-Fast" frequency 3579545 Hz quality 1000 [     1.026231] hpet0 at acpi0: high precision event timer (mem 0xfed00000-0xfed00400) [     1.026231] timecounter: Timecounter "hpet0" frequency 100000000 Hz quality 2000 [     1.029336] qemufwcfg0 at acpi0 (FWCF, QEMU0002): io 0x510-0x51b [     1.029336] qemufwcfg0: <QEMU> [     1.029336] pckbc1 at acpi0 (KBD, PNP0303) (kbd port): io 0x60,0x64 irq 1 [     1.029336] pckbc2 at acpi0 (MOU, PNP0F13) (aux port): irq 12 [     1.029336] fdc0 at acpi0 (FDC0, PNP0700): io 0x3f2-0x3f5,0x3f7 irq 6 drq 2 [     1.029336] VGEN (QEMUVGID) at acpi0 not configured [     1.029336] ACPI: Enabled 3 GPEs in block 00 to 0F [     1.029336] pckbd0 at pckbc1 (kbd slot) [     1.029336] pckbc1: using irq 1 for kbd slot [     1.029336] wskbd0 at pckbd0: console keyboard [     1.029336] pms0 at pckbc1 (aux slot) [     1.029336] pckbc1: using irq 12 for aux slot [     1.029336] wsmouse0 at pms0 mux 0 [     1.029336] pci0 at mainbus0 bus 0: configuration mode 1 [     1.029336] pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok [     1.029336] pchb0 at pci0 dev 0 function 0: Intel 82441FX (PMC) PCI and Memory Controller (rev. 0x0 [     1.029336] pcib0 at pci0 dev 1 function 0: Intel 82371SB (PIIX3) PCI-ISA Bridge (rev. 0x00) [     1.029336] piixide0 at pci0 dev 1 function 1: Intel 82371SB IDE Interface (PIIX3) (rev. 0x00) [     1.029336] piixide0: bus-master DMA support present [     1.029336] piixide0: primary channel wired to compatibility mode [     1.029336] piixide0: primary channel interrupting at ioapic0 pin 14 [     1.029336] atabus0 at piixide0 channel 0 [     1.029336] piixide0: secondary channel wired to compatibility mode [     1.029336] piixide0: secondary channel interrupting at ioapic0 pin 15 [     1.029336] atabus1 at piixide0 channel 1 [     1.029336] uhci0 at pci0 dev 1 function 2: Intel 82371SB (PIIX3) USB Host Controller (rev. 0x01) [     1.029336] uhci0: interrupting at ioapic0 pin 11 [     1.029336] usb0 at uhci0: USB revision 1.0 [     1.029336] piixpm0 at pci0 dev 1 function 3: Intel 82371AB (PIIX4) Power Management Controller (rev [     1.029336] timecounter: Timecounter "piixpm0" frequency 3579545 Hz quality 1000 [     1.029336] piixpm0: 24-bit timer [     1.029336] piixpm0: interrupting at ioapic0 pin 9 [     1.029336] iic0 at piixpm0 port 0: I2C bus [     1.029336] vga0 at pci0 dev 2 function 0: vendor 1234 product 1111 (rev. 0x02) [     1.029336] wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation), using wskbd0 [     1.029336] wsmux1: connecting to wsdisplay0 [     1.029336] drm at vga0 not configured [     1.029336] virtio0 at pci0 dev 3 function 0 [     1.029336] virtio0: memory balloon device (id 5, rev. 0x00) [     1.029336] viomb0 at virtio0: features: 0x10000000<INDIRECT_DESC> [     1.029336] virtio0: allocated 8192 byte for virtqueue 0 for inflate, size 128 [     1.029336] virtio0: allocated 8192 byte for virtqueue 1 for deflate, size 128 [     1.029336] virtio0: interrupting at ioapic0 pin 11 [     1.029336] ppb0 at pci0 dev 5 function 0: Red Hat Qemu PCI-PCI (rev. 0x00) [     1.029336] pci1 at ppb0 bus 1 [     1.029336] pci1: i/o space, memory space enabled [     1.029336] wm0 at pci0 dev 18 function 0, 64-bit DMA: Intel i82540EM 1000BASE-T Ethernet (rev. 0x [     1.029336] wm0: interrupting at ioapic0 pin 10 [     1.029336] wm0: 32-bit 33MHz PCI bus [     1.029336] wm0: 64 words (6 address bits) MicroWire EEPROM [     1.029336] wm0: RX packet buffer size: 48KB [     1.029336] wm0: Ethernet address bc:24:11:28:4e:0d [     1.029336] wm0: 0x200002<LOCK_EECD,WOL> [     1.029336] makphy0 at wm0 phy 1: Marvell 88E1011 Gigabit PHY, rev. 0 [     1.029336] makphy0: Failed to access EADR. Are you an emulator? [     1.029336] makphy0: Failed to read EXTSR. Are you an emulator?. Regard as 1000BASE-T. [     1.029336] makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-F [     1.029336] ppb1 at pci0 dev 30 function 0: Red Hat Qemu PCI-PCI (rev. 0x00) [     1.029336] pci2 at ppb1 bus 2 [     1.029336] pci2: i/o space, memory space enabled [     1.029336] ppb2 at pci0 dev 31 function 0: Red Hat Qemu PCI-PCI (rev. 0x00) [     1.029336] pci3 at ppb2 bus 3 [     1.029336] pci3: i/o space, memory space enabled [     1.029336] isa0 at pcib0 [     1.029336] attimer0 at isa0 port 0x40-0x43 [     1.029336] pcppi0 at isa0 port 0x61 [     1.029336] spkr0 at pcppi0: PC Speaker [     1.029336] wsbell at spkr0 not configured [     1.029336] midi0 at pcppi0: PC speaker [     1.029336] sysbeep0 at pcppi0 [     1.029336] attimer0: attached to pcppi0 [     1.029336] acpicpu0 at cpu0: ACPI CPU [     1.029336] acpicpu0: C1: HLT, lat   0 us, pow     0 mW [     1.029336] vmt0 at cpu0 [     1.029336] vmt0: UUID: 744f4106-92e9-4346-8075-d18275f8edfd [     1.029336] vmware: open failed, eax=0xffffffff, ecx=0x1e, edx=0x5658 [     1.029336] vmt0: autoconfiguration error: failed to open backdoor RPC channel (TCLO protocol) [     1.029336] acpicpu1 at cpu1: ACPI CPU [     1.029336] acpicpu2 at cpu2: ACPI CPU [     1.029336] acpicpu3 at cpu3: ACPI CPU [     1.029336] timecounter: Timecounter "clockinterrupt" frequency 100 Hz quality 0 [     2.044826] IPsec: Initialized Security Association Processing. [     2.054842] uhub0 at usb0: NetBSD (0x0000) UHCI root hub (0x0000), class 9/0, rev 1.00/1.00, addr [     2.054842] uhub0: 2 ports with 2 removable, self powered [     3.744874] uhidev0 at uhub0 port 1 configuration 1 interface 0 [     3.744874] uhidev0: QEMU (0x0627) QEMU USB Tablet (0x0001), rev 2.00/0.00, addr 2, iclass 3/0 [     3.754781] ums0 at uhidev0: 3 buttons and Z dir [     3.754781] wsmouse1 at ums0 mux 0 [     5.034767] wd0 at atabus0 drive 0 [     5.034767] wd0: <QEMU HARDDISK> [     5.044755] wd0: drive supports 16-sector PIO transfers, LBA48 addressing [     5.044755] wd0: 256 GB, 532610 cyl, 16 head, 63 sec, 512 bytes/sect x 536870912 sectors [     5.054776] wd0: GPT GUID: 42a7e333-2c05-4cbd-8664-1555d1755017 [     5.054776] dk0 at wd0: "f0a8b571-d30a-43a6-a0ef-191b9afe08e7", 16777216 blocks at 2048, typ [     5.054776] dk1 at wd0: "926b4afc-b71b-4615-9fd2-a2a845a4d129", 4194304 blocks at 1677926 [     5.067931] dk2 at wd0: "da56269b-1ddb-4cb8-a470-e689f1e1dbe5", 515897311 blocks at 20973 [     5.067931] wd0: 32-bit data port [     5.067931] wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100) [     5.067931] wd0(piixide0:0:0): using PIO mode 4, DMA mode 2 (using DMA) [     5.067931] atapibus0 at atabus1: 2 targets [     5.074732] cd0 at atapibus0 drive 0: <QEMU DVD-ROM, QM00003, 2.5+> cdrom removable [     5.074732] cd0: 32-bit data port [     5.074732] cd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100) [     5.074732] cd0(piixide0:1:0): using PIO mode 4, DMA mode 2 (using DMA) [     5.084749] swwdog0: software watchdog initialized [     5.104732] WARNING: 1 error while detecting hardware; check system log. [     5.104732] boot device: wd0 [     5.104732] root on dk0 dumps on dk1 [     5.104732] root file system type: ffs [     5.114878] kern.module.path=/stand/amd64/10.0/modules [    20.034308] wsdisplay0: screen 1 added (80x25, vt100 emulation) [    20.044324] wsdisplay0: screen 2 added (80x25, vt100 emulation) [    20.054309] wsdisplay0: screen 3 added (80x25, vt100 emulation) [    20.054309] wsdisplay0: screen 4 added (80x25, vt100 emulation)