touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #47463
[Bug 1410989] Re: SSL_connect:unknown state
These are my test cases and the final solution
user@test0:~$ uname -a
Linux test0 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
user@test0:~$ openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Fri Jun 20 18:52:46 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
user@test0:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:unknown state
SSL_connect:SSLv3 read server hello A
(truncated)
Verify return code: 0 (ok)
user@test1:~$ uname -a
Linux test1 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
user@test1:~$ lsb_release -a | grep Code
Codename: saucy
user@test1:~$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Fri Jun 20 18:54:02 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
user@test1:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state
(hangs)
user@test1:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state -ssl3
(hangs)
user@test1:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state -tls1
(hangs)
user@test2:~$ uname -a
Linux test2 3.13.0-44-generic #73-Ubuntu SMP Tue Dec 16 00:22:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
user@test2:~$ lsb_release -a | grep Code
Codename: trusty
user@test2:~$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Fri Jan 9 17:52:48 UTC 2015
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
user@test2:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:unknown state
(hangs)
user@test2:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state -ssl3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
(truncated)
Verify return code: 0 (ok)
apt-get -y install build-essential libssl-dev
wget https://www.openssl.org/source/openssl-1.0.1k.tar.gz
tar -xvzf openssl-1.0.1k.tar.gz
cd openssl-1.0.1k
make dclean
make clean
export CFLAGS="-fPIC"
./config -fstack-protector -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int shared zlib
make depend
make
make install
user@test3:~$ uname -a
Linux test3 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
user@test3:~$ lsb_release -a | grep Code
Codename: trusty
user@test3:~$ /usr/local/ssl/bin/openssl version -a
OpenSSL 1.0.1k 8 Jan 2015
built on: Wed Jan 14 16:01:29 2015
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fstack-protector -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl"
user@test3:~$ /usr/local/ssl/bin/openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
(truncated)
Verify return code: 0 (ok)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1410989
Title:
SSL_connect:unknown state
Status in openssl package in Ubuntu:
New
Bug description:
Running "openssl s_client", I'm getting some websites (www.tm3.com,
ws.myfax.com) that cause requests to hang. I compiled openssl-1.0.1k
and it seems to be working now. Is there a more correct fix other than
compiling the newest openssl?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1410989/+subscriptions
References