[Pkg-openssl-devel] Bug#607914: Bug#607914: Bug#607914: please enable padlock engine for 1.0.0 version of openssl

JM fijam at archlinux.us
Sat Feb 25 16:41:17 UTC 2012


On Thu, Feb 23, 2012 at 7:29 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Thu, Feb 23, 2012 at 07:26:02PM +0100, JM wrote:
>> Update:
>>
>> I have found out that the nginx error is a result of a regression in
>> openssl that took place between versions 1.0.0d and 1.0.0e.
>>
>> I suppose it would be best if I opened a separate bug report for it?
>> Or should I pester the upstream directly?
>
> Yes please, I will not have time to look at it.

It appears that I was wrong after all. Sorry for the noise. The bug is
in packaging rather than upstream. I did the following:

apt-get source openssl
cd openssl-1.0.0g
./Configure --prefix=/usr --openssldir=/usr/lib/ssl \
    --libdir=lib/i386-linux-gnu no-idea no-mdc2 no-rc5 zlib enable-tlsext \
    no-ssl2 debian-i386 && make depend && make
cd apps
./openssl s_server -cert /etc/ssl/private/server.crt \
    -key /etc/ssl/private/server.key -ssl3 -engine padlock -state -msg -debug
on a separate terminal:
openssl s_client : it works

then:
apt-get -b source openssl
dpkg -i libssl1.0.0_1.0.0g-1_i386.deb openssl_1.0.0g-1_i386.deb
openssl s_server -cert /etc/ssl/private/server.crt \
    -key /etc/ssl/private/server.key -ssl3 -engine padlock -state -msg -debug
on a separate terminal:
openssl s_client : fails with 3074197656:error:140943FC:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1195:SSL
alert number 20

I am unfamiliar with Debian's packaging specifics so it's hard for me
to triage it any further on my own. I could hook you up with SSH
access if you care to look into it.

Regards,
Jan
