[Pkg-openssl-devel] OpenSSL can no longer pull certificate after upgrade
Sam Rowe
sam.rowe at gmail.com
Mon Apr 2 20:20:50 UTC 2012
Hi,
I fetch my mail with offlineimap which also broke as a result of a
recent upgrade.
I've tracked the problem down to openssl. On Debian Stable I'm able to
run the following with no problem:
openssl s_client -connect exg5.exghost.com:imaps -showcerts
The certs are displayed very quickly and the imap process eventually
times out as expected.
On Debian Testing or Debian SID, the same command takes a very long
time and then says:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 320 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I installed the Stable version of openssl on Wheezy to see if the
downgrade would fix the problem and it did. Unfortunately for me,
python is linked against
libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
(0x00007f5018306000)
So I can't pull the same trick.
I'm sure that our Exchange provider or Exchange itself is doing SSL
wrong, but I hope that despite their wrongness, openssl should
continue to work with them. Oddly, connecting as above to exg3 and
exg4 yield different results. One seems to work and the other aborts.
I'm happy to provide any additional information to help resolve this issue.
Thanks,
Sam Rowe
More information about the Pkg-openssl-devel
mailing list