| View previous topic :: View next topic |
| Author |
Message |
micmac
l33t
Joined: 28 Nov 2003
Posts: 996
|
 Posted: Wed Sep 06, 2006 3:46 pm Post subject: [solved] openssl-0.9.8c (x86) broke https/sasl |
 |
|
Hi all,
I'm on x86 and I upgraded to dev-libs/openssl-0.9.8c. It got stabled today, and because it seems to include a security fix (I read that in this bugzilla report), I thought I could just update. I followed the ebuilds advice and ran revdep-rebuild to find software that linked agains lib{cryptop,ssl}.so.0.9.7 and recompile it. I ran it again just to be sure, but all seemed right (everything linked against 0.9. .
I also ran revdep-rebuild without arguments, it didn't find anything. To be sure I also rebooted the box. etc-update was run also, of course.
Now I can't use https anymore. Konqueror just says this:
| Code: | Beim Laden von https://forums.gentoo.org/ ist folgender Fehler aufgetreten:
Der Prozess für das
Protokoll https://forums.gentoo.org
wurde unerwartet beendet. |
Translation:
| Code: | An error occurred while loading https://forums.gentoo.org/
The Prozess for the protocol https://forums.gentoo.org died unexpectetly. |
Also I can't check my mails. mutt just fails with "SASL authentication failed". I recompiled mutt, but it didn't help.
Right now this computer is pretty unusable. No web, no mail (at least not with ssl).
Any ideas? Any others with the same experience?
Cheers
mic
Edit: mutt patch in bugzilla
Last edited by micmac on Fri Sep 08, 2006 8:03 pm; edited 1 time in total |
|
| Back to top |
|
 |
micmac
l33t
Joined: 28 Nov 2003
Posts: 996
|
| Posted: Wed Sep 06, 2006 5:45 pm Post subject: |
|
|
Hi all,
dev-libs/openssl-0.9.7k works for me. The security patch is already included.
Cheers
mic |
|
| Back to top |
|
|
frilled
Retired Dev
Joined: 15 Mar 2004
Posts: 386
Location: Atlantis, inner city ring
|
| Posted: Wed Sep 06, 2006 8:08 pm Post subject: |
|
|
Did you recompile qca-tls without errors?
_________________
"Failure is not an option!"
"Sir, we are out of further options." |
|
| Back to top |
|
|
micmac
l33t
Joined: 28 Nov 2003
Posts: 996
|
| Posted: Wed Sep 06, 2006 9:15 pm Post subject: |
|
|
Yes, after I unmasked qca-tls-1.0-r3.
Btw., this was konquerors output on konsole when it couldn't use https:
kio (KIOConnection): ERROR: Header read failed, errno=104
kio (KIOConnection): ERROR: Header has invalid size (-1)
ASSERT: "!icon.isEmpty()" in konq_pixmapprovider.cc (81)
ASSERT: "!icon.isEmpty()" in konq_pixmapprovider.cc (81)
ASSERT: "!icon.isEmpty()" in konq_pixmapprovider.cc (81)
ASSERT: "!icon.isEmpty()" in konq_pixmapprovider.cc (81) |
|
| Back to top |
|
|
frilled
Retired Dev
Joined: 15 Mar 2004
Posts: 386
Location: Atlantis, inner city ring
|
| Posted: Thu Sep 07, 2006 6:04 am Post subject: |
|
|
I still don't know what happened, as I can't reach the affected box by now. On (most of, didn't check them all yet) the other boxes it seems to have worked fine. Need to check later.
_________________
"Failure is not an option!"
"Sir, we are out of further options." |
|
| Back to top |
|
|
micmac
l33t
Joined: 28 Nov 2003
Posts: 996
|
| Posted: Thu Sep 07, 2006 10:32 pm Post subject: |
|
|
Hey,
I found out how to fix the https errors I got with konqueror. Recompiling kdelibs helped.
Regarding mutt. I found that there have been quite a lot of changes to sasl_decode64(). I mailed the the cyrus-sasl list about it. Maybe they know about it.
Cheers
mic |
|
| Back to top |
|
|
Headrush
Watchman
Joined: 06 Nov 2003
Posts: 5597
Location: Bizarro World
|
| Posted: Sat Sep 16, 2006 1:38 am Post subject: |
|
|
I'm having the same problems using ssh to log into remote machines and also kopete accounts that use ssl no longer work.
Here is a sample of problem: | Code: | ssh -v root@xxx.xxx.xxx.xxx
OpenSSH_4.3p2, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host |
Somehow doesn't look like my machine is sending the required info needed by the remote machine. |
|
| Back to top |
|
|
alkan
Guru
Joined: 06 Aug 2004
Posts: 385
Location: kasimlar yaylasi
|
| Posted: Sun Sep 17, 2006 2:45 am Post subject: |
|
|
| Headrush wrote: | I'm having the same problems using ssh to log into remote machines and also kopete accounts that use ssl no longer work.
Here is a sample of problem: | Code: | ssh -v root@xxx.xxx.xxx.xxx
OpenSSH_4.3p2, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host |
Somehow doesn't look like my machine is sending the required info needed by the remote machine. |
I have the exact problem. aany solution yet? |
|
| Back to top |
|
|
Headrush
Watchman
Joined: 06 Nov 2003
Posts: 5597
Location: Bizarro World
|
| Posted: Sun Sep 17, 2006 3:49 am Post subject: |
|
|
| alkan wrote: | | Headrush wrote: | I'm having the same problems using ssh to log into remote machines and also kopete accounts that use ssl no longer work.
Here is a sample of problem: | Code: | ssh -v root@xxx.xxx.xxx.xxx
OpenSSH_4.3p2, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host |
Somehow doesn't look like my machine is sending the required info needed by the remote machine. |
I have the exact problem. aany solution yet? |
After pulling my hair out and wondering what was going on since I correctly recompiled all apps depending on these libraries, I missed the obvious: the ssh server I was connecting to updated also but didn't do the revdep-rebuild and the problem was on their end.
(I shouldn't have assumed the service was static)
I still have an issue that I can't get SSL working with the Jabber network in Kopete. |
|
| Back to top |
|
|
micmac
l33t
Joined: 28 Nov 2003
Posts: 996
|
| Posted: Sun Sep 17, 2006 8:33 am Post subject: |
|
|
Hi Headrush!
tried recompiling kdelibs like I did to get Konqueror to work? |
|
| Back to top |
|
|
Headrush
Watchman
Joined: 06 Nov 2003
Posts: 5597
Location: Bizarro World
|
| Posted: Sun Sep 17, 2006 12:48 pm Post subject: |
|
|
| micmac wrote: | Hi Headrush!
tried recompiling kdelibs like I did to get Konqueror to work? |
Already did multiple times and compiled kopete again also. No luck. |
|
| Back to top |
|
|
Ast0r
Guru
Joined: 11 Apr 2006
Posts: 404
Location: Dallas, Tx - USA
|
| Posted: Mon Sep 18, 2006 1:11 am Post subject: |
|
|
| Headrush wrote: | I'm having the same problems using ssh to log into remote machines and also kopete accounts that use ssl no longer work.
Here is a sample of problem: | Code: | ssh -v root@xxx.xxx.xxx.xxx
OpenSSH_4.3p2, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host |
Somehow doesn't look like my machine is sending the required info needed by the remote machine. |
I am having this problem also. I upgraded to openssl-0.9.8c and ran | Code: |
revdep-rebuild --library libssl-0.9.7 |
and then | Code: | | revdep-rebuild --library libcrypto-0.9.7 |
I assumed that this would be all that I had to do, since that's all the ebuild said, but 3/5 boxes don't let me log in through SSH anymore since doing this. I guess it was stupid for me to not test it on one server and then deploy to my other servers once I knew it worked, but I assumed that if I followed the ebuilds directions that I would be fine. I looked really stupid yesterday when my boss called me asking why he couldn't SSH into our development server. I am going to have to go up to the datacenter tomorrow to fix them, but it would be really nice to know what is wrong with them so that I can fix them. Does anyone know? |
|
| Back to top |
|
|
ChL@Gentoo
Tux's lil' helper
Joined: 08 Jun 2004
Posts: 94
Location: Heidelberg (Germany)
|
| Posted: Mon Sep 18, 2006 11:36 am Post subject: |
|
|
I recompiled openssh, kdelibs, kdepim-kioslaves and kdebase-kioslaves.
After a restart of X (and so KDE) ssh, konqueror and kmail works perfect. |
|
| Back to top |
|
|
pteppic
l33t
Joined: 28 Nov 2005
Posts: 781
|
| Posted: Wed Dec 06, 2006 10:10 pm Post subject: |
|
|
| ChL@Gentoo wrote: | I recompiled openssh, kdelibs, kdepim-kioslaves and kdebase-kioslaves.
After a restart of X (and so KDE) ssh, konqueror and kmail works perfect. |
I tried all of this, most of it twice, to no avail.
I have just finished a largish update and hoped it would fix it, but it hadn't, so tried to investigate further.
Found this | Code: |
29491:error:0200100D:system library:fopen:Permission denied:bss_file.c:122:fopen('/etc/ssl/openssl.cnf','rb') |
and | Code: | #ls -al /etc
drwxr-xr-x 90 root lp 5.7K Dec 6 09:12 .
drwx------ 5 root lp 152 Sep 9 06:13 ssl |
I fixed it with | Code: | chown :root /etc
chown :root /etc/ssl
chmod 755 /etc/ssl |
now konq&co work again.
Seeing as the group set was lp and cups had been recently updated, it's new new cups I'm suspicious of, but I'm done investigating.... |
|
| Back to top |
|
|
|
Networking & Security
