[Pkg-openssl-devel] Bug#926315: Bug#926315: Bug#926315: Bug#926315: openssl: wget https://google.com fails in d-i

Kurt Roeckx kurt at roeckx.be
Wed Apr 3 23:54:55 BST 2019


On Thu, Apr 04, 2019 at 12:48:22AM +0200, Cyril Brulebois wrote:
> Hi,
> 
> And thanks for digging…
> 
> Kurt Roeckx <kurt at roeckx.be> (2019-04-04):
> > On Thu, Apr 04, 2019 at 12:07:37AM +0200, Kurt Roeckx wrote:
> > > On Wed, Apr 03, 2019 at 11:57:12PM +0200, Kurt Roeckx wrote:
> > > > On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote:
> > > > >     1726  write(2, "Disabling SSL due to encountered errors.\n", 41) = 41
> > > > 
> > > > wget in buster actually seems to be linked to gnutls, and trying
> > > > other applications just seem to work without config file.
> > > 
> > > So I can reproduce this with the tag OpenSSL_1_1_1b, it's fixed in
> > > the current OpenSSL_1_1_1-stable branch ...
> > 
> > So the commit that fixes it is:
> > commit 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3
> > Author: Richard Levitte <levitte at openssl.org>
> > Date:   Wed Mar 20 10:18:13 2019 +0100
> > 
> >     OPENSSL_config(): restore error agnosticism
> > 
> >     Great effort has been made to make initialization more configurable.
> >     However, the behavior of OPENSSL_config() was lost in the process,
> >     having it suddenly generate errors it didn't previously, which is not
> >     how it's documented to behave.
> > 
> >     A simple setting of default flags fixes this problem.
> > 
> >     Fixes #8528
> > 
> >     Reviewed-by: Matt Caswell <matt at openssl.org>
> >     (Merged from https://github.com/openssl/openssl/pull/8533)
> > 
> >     (cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
> > 
> > The one that broke it was the one I pointed out earlier.
> 
> Would it be helpful if I were to rebuild openssl with that patch and double
> check what happens with its updated udebs?

I don't think that will be needed. I hope to get an other
important bugfix soon, and we can do an upload then.


Kurt



More information about the Pkg-openssl-devel mailing list