Bug#338006: [Pkg-openssl-devel] Bug#338006: libssl0.9.8: bad record
mac because of wrong SSL_OP_TLS_BLOCK_PADDING_BUG handling -
possible workaround
Kurt Roeckx
kurt at roeckx.be
Mon Jan 16 07:22:46 UTC 2006
On Sun, Jan 15, 2006 at 04:03:33PM -0800, Steve Langasek wrote:
> > I should correct myself. We have 3 options for zlib:
> > - no-zlib
> > - zlib
> > - zlib-dynamic
>
> > Package breaks if we use zlib-dynamic and zlib1-dev is not
> > installed, which is why we used zlib instead.
>
> Fix zlib-dynamic to use /usr/lib/libz.so.1 properly instead of
> /usr/lib/libz.so?
>
> > Build with any of those options it fails with the "decryption failed or
> > bad record mac" error.
>
> "any of those options" means all of no-zlib, zlib, and zlib-dynamic?
No, zlib or zlib-dynamic. So if there is support for zlib
compression.
> > If either the server or the client do not support zlib, things
> > work.
>
> > And it seems that the 0.9.7 server doesn't use zlib, even though
> > it was build with zlib support.
>
> > I'm still not sure if this is a bug in the server or the client.
>
> So what breaks if using no-zlib? You said "it breaks other [applications];
> which ones and how?
I can't remember off hand, but I can look look for some. Basicly
they use COMP_zlib.
Kurt
More information about the Pkg-openssl-devel
mailing list