[Pkg-openssl-devel] libssl1.0.0 changelog and StartTLS borken...
Kurt Roeckx
kurt at roeckx.be
Wed Jul 1 19:00:30 UTC 2015
On Wed, Jul 01, 2015 at 02:22:44PM -0400, Woody wrote:
> The changelog for openssl, libssl and related is missing. See:
>
> http://ftp-master.metadata.debian.org/changelogs//main/o/openssl/openssl_1.0.1k-3+deb8u1_changelog
As far as I know, that's because it's a security update that's not
part of a release yet.
> I have a problem with the StartTLS after upgrading to the 1.0.0k version.
> The phones (Android, Blackberry) trying to send SMTP email using StartTLS
> authentication fail:
>
> 2015-07-01 06:56:15 TLS error on connection from dankaq5.suwalski.net
> ([127.0.0.1]) [120.7.1.74] (via inetd) (recv): A TLS packet with unexpected
> length was received.
That seems to be a gnutls error message.
> After restoring the backup from May, it is working for me again with old
> versions of SSL:
> suwnet:/home/woody> dpkg -l | grep ssl
> ii libssl0.9.8 0.9.8o-4squeeze14 i386 SSL shared
That's from squeeze, probably something that's unused and can be
removed.
> ii libssl1.0.0:i386 1.0.1e-2+deb7u16 i386 SSL shared
> ii openssl 1.0.1e-2+deb7u16 i386 Secure Socket Layer
That's from wheezy
The 1.0.1k-3+deb8u1 on the other hand is from jessie.
> Will there be a fixup patch released sometime for this issue?
I don't know about any issues.
> I have found somewhere else references for an LDAP showing similar symptoms
> - it was established that the issue was the incompatibility between openssl
> and gnutls.
So looking for more information, this actually seems to be a
gnutls26 problem that goes away when getting linked to gnutls28
instead.
Kurt
More information about the Pkg-openssl-devel
mailing list