[Pkg-openssl-devel] Bug#702635: openssl communication problems with 1.0.1e with AES-NI

Kurt Roeckx kurt at roeckx.be
Sat Mar 9 14:44:38 UTC 2013


Hi,

On request of openssl upstream I've put a version of the package
online which is statically linked against the openssl libraries
and has debug info.

There seem to be various people who run into this problem, but
we seem to be unable to reproduce it on any of our systems.

It's available from:
http://people.debian.org/~kroeckx/openssl/static_debug/

You only need the openssl package from there
(openssl_1.0.1e-1+test1_amd64.deb), since the shared libraries
aren't needed for the test.

So what upstream asks is to try and reproduce it with s_client.
At least 1 person reported that this fails for him:
openssl s_client -connect mail.uni-paderborn.de:465
And then send "EHLO test"

Others might try to reproduce something similar with their
own servers.

They asked if you use any LD_* environment variables.

"lsof -p $pid" of s_client process would also be nice.

If you have a custom /etc/ssl/openssl.cnf, it would also be nice
if you could send that.

/proc/cpuinfo would also be nice to have.

If you know how to use gdb, they ask to print variables and
buffers in e_aes_cbc_hmac_sha1.c

If you want to debug it, debugging might not show you source
code since you might have the source in a different path.
The .deb files can be generated from the source above using:
DEB_BUILD_MAINT_OPTIONS="hardening=-all" DEB_BUILD_OPTIONS="noopt nostrip" dpkg-buildpackage -B -uc 

If you build it yourself, you can also just run the
./openssl.static binary instead of installing the .deb
package.



Kurt
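
One way to collect the items requested in the message above (AES-NI flag from /proc/cpuinfo, LD_* variables of the s_client process, lsof output, openssl.cnf) into one report. This is an added example, not part of the original e-mail and not Debian or OpenSSL tooling; the function names, script name and report layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example: gathers the details requested in the message above.
# Function names and report layout are hypothetical, not Debian/OpenSSL tooling.

# Succeeds if a "flags" line of a cpuinfo-style file lists the aes feature (AES-NI).
has_aesni() {
    grep -E '^flags[[:space:]]*:' "${1:-/proc/cpuinfo}" 2>/dev/null | grep -qw 'aes'
}

# Prints the LD_* entries of a NUL-separated environ file (default: own environment).
ld_vars() {
    tr '\0' '\n' 2>/dev/null < "${1:-/proc/self/environ}" |
        grep -E '^LD_[A-Za-z0-9_]*=' || true
}

# Usage: collect_report PID [CPUINFO] [OPENSSL_CNF] [ENVIRON]
collect_report() {
    pid=$1; cpuinfo=${2:-/proc/cpuinfo}; cnf=${3:-/etc/ssl/openssl.cnf}
    environ=${4:-/proc/${pid:-self}/environ}
    echo "== AES-NI =="
    if has_aesni "$cpuinfo"; then echo "aes flag present"; else echo "aes flag absent"; fi
    echo "== LD_* variables ($environ) =="
    ld_vars "$environ"
    echo "== lsof -p $pid =="
    if [ -n "$pid" ] && command -v lsof >/dev/null 2>&1; then
        lsof -p "$pid" 2>&1 || true
    else
        echo "(skipped: no pid given or lsof not installed)"
    fi
    echo "== $cnf =="
    cat "$cnf" 2>/dev/null || echo "(not readable)"
    echo "== $cpuinfo =="
    cat "$cpuinfo" 2>/dev/null || echo "(not readable)"
}

# Run as: ./collect.sh <pid of the s_client process> > report.txt
if [ $# -gt 0 ]; then collect_report "$@"; fi
```

Reading /proc/<pid>/environ shows the variables the s_client process was started with, which can differ from those of the shell running the script.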


