Help Center/ MapReduce Service/ Troubleshooting/ Cluster Management/ Error "symbol BIO_new_dgram_sctp version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 ..." Is Displayed During HA Certificate Generation
Updated on 2023-09-05 GMT+08:00

Error "symbol BIO_new_dgram_sctp version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 ..." Is Displayed During HA Certificate Generation

Issue

During HA certificate replacement, when a user runs the sh ${OMS_RUN_PATH}/workspace/ha/module/hacom/script/gen-cert.sh --root-ca --country=CN --state=state --city=city --company=company --organize=organize --common-name=commonname --email=Cluster user mailbox command to generate root-ca.crt and root-ca.pem in the ${OMS_RUN_PATH}/workspace0/ha/local/cert directory on the active management node, the following error message is displayed:

openssl: relocation error: openssl: symbol BIO_new_dgram_sctp version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time referencecreate server private key failed.

Cause Analysis

  • OpenSSL may have been changed and is not the default /usr/bin/openssl.
  • The dynamic library dependency libcrypto.so.1.1 cannot be found.
  • If the cluster version is 3.2.0 or earlier, the environment variable configuration command (for example, source bigdata_env) may have been executed or the environment variable may have been changed before the operation. This issue has been resolved in versions later than 3.2.0.

Procedure

  1. Log in to the active management node using its IP address as user omm.
  2. Run the following command to check whether the command output is /usr/bin/openssl. If it is not, change OpenSSL to the default /usr/bin/openssl.

    which openssl

  3. Run the following command to check the dynamic library dependency:

    ldd /usr/bin/openssl

    The command output is as follows:

    [omm@xxx ~]$ ldd /usr/bin/openssl
            linux-vdso.so.1 (0x0000ffffaf016000)
            libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x0000ffffaee7a000)
            libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x0000ffffaebc2000)
            libz.so.1 => /usr/lib64/libz.so.1 (0x0000ffffaeb91000)
            libdl.so.2 => /usr/lib64/libdl.so.2 (0x0000ffffaeb70000)
            libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x0000ffffaeb3b000)
            libc.so.6 => /usr/lib64/libc.so.6 (0x0000ffffae9c5000)
            /lib/ld-linux-aarch64.so.1 (0x0000ffffaefe8000)

    Check whether libcrypto.so.1.1 in the command output points to a value. If not found is displayed, run the following command to load libcrypto.so.1.1:

    echo $LD_LIBRARY_PATH

  4. Check whether a non-system OpenSSL library is loaded in the system library environment variables. If yes, change it to the default OpenSSL library of the system.
  5. If the fault persists, contact technical support.