Bug#338006: [Pkg-openssl-devel] Bug#338006: libssl0.9.8: bad record
mac because of wrong SSL_OP_TLS_BLOCK_PADDING_BUG handling -
possible workaround
Steve Langasek
vorlon at debian.org
Mon Jan 16 00:03:33 UTC 2006
On Sun, Jan 15, 2006 at 10:38:16PM +0100, Kurt Roeckx wrote:
> On Sun, Jan 15, 2006 at 05:15:20PM +0100, Kurt Roeckx wrote:
> > To quote a part from that email:
> > > You were right. If I change:
> > > no-idea no-rc5 shared
> > > to:
> > > zlib no-idea no-rc5 shared
> > > and rebuild, cyrus-imapd gives me that "bad record mac" error with the
> > > resulting openssl. Removing "zlib" makes it go away.
> > So it seem we have 2 things that conflict here. If we have zlib,
> > it breaks applications, if we don't, it breaks others.
> I should correct myself. We have 3 options for zlib:
> - no-zlib
> - zlib
> - zlib-dynamic
> Package breaks if we use zlib-dynamic and zlib1-dev is not
> installed, which is why we used zlib instead.
Fix zlib-dynamic to use /usr/lib/libz.so.1 properly instead of
/usr/lib/libz.so?
> Build with any of those options it fails with the "decryption failed or
> bad record mac" error.
"any of those options" means all of no-zlib, zlib, and zlib-dynamic?
> If either the server or the client do not support zlib, things
> work.
> And it seems that the 0.9.7 server doesn't use zlib, even though
> it was build with zlib support.
> I'm still not sure if this is a bug in the server or the client.
So what breaks if using no-zlib? You said "it breaks other [applications];
which ones and how?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20060115/e3b63d64/attachment-0001.pgp
More information about the Pkg-openssl-devel
mailing list