Just for the record, after a month or so of debugging, we found out how to fix it.

The issue was caused by a different application initializing the OpenSSL library again, 
after PHP/Curl/Apache whatever initialized it. 
In our case it was the PHP Ice extension. We added the config value: 
IceSSL.InitOpenSSL=0.

Later we found out that this also caused another seemingly unrelated issue 
with the PHP OpenSSL module:

  openssl_verify(): Unknown signature algorithm

and the function openssl_get_md_methods() returned an empty array().

So in the end it's completely unrelated to curl...

-----Original Message-----
From: Alessandro Ghedini [mailto:gh...@debian.org] 
Sent: Wednesday, November 12, 2014 12:40 PM
To: Jan Strnad; 768...@bugs.debian.org
Cc: Vaclav Vomocil
Subject: Re: Bug#768997: libcurl3: php curl call causes: SSL: couldn't create a 
context: error:140A90F1:lib(20):func(169):reason(241)

On Mon, Nov 10, 2014 at 03:51:50 +0000, Jan Strnad wrote:
> Hello,
> 
> I would like to report bug for libcurl3 7.26:
> SSL: couldn't create a context: 
> error:140A90F1:lib(20):func(169):reason(241)

Just for the record, this translates to:

  error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines

From the other mail you sent:

> Our setup is:
> 
> jan.strnad@goodserver:~$ dpkg -l | grep ssl
> ii  libssl0.9.8                      0.9.8o-4squeeze18            amd64       
>  SSL shared libraries
> ii  libssl1.0.0:amd64                1.0.1e-2+deb7u13             amd64       
>  SSL shared libraries
> [...]

I think this might be the problem (and why the squeeze libcurl 7.21 works). Who 
is using the libssl0.9.8 and who libssl1.0.0? You can check that by running the
command:

  $ apt-cache rdepends --installed libssl0.9.8 libssl1.0.0

My doubt is that two different OpenSSL libraries are loaded in the same process
(libcurl3 using libssl1.0.0 and another thing, maybe that php55-openssl thing 
or apache, using libssl0.9.8) and that they somehow conflict with each other. 
The reason why the 7.21 version works (which I presume comes from squeeze), is 
that it links to libssl0.9.8 so that there's no double libssl loaded.

If I'm right, this is not a curl bug. But you can fix it by rebuilding the 
packages that use libssl0.9.8 to use libssl1.0.0 (or vice versa). 
Alternatively, you can use libcurl3-gnutls.

Cheers
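
One way to test the suspicion in the quoted message, that two OpenSSL builds are loaded into the same process, is to look at the process's memory map rather than at package dependencies. This is an added example, not part of the original thread; the function names are hypothetical and the sample map is constructed. It assumes Linux and the `/proc/<pid>/maps` format.

```shell
#!/usr/bin/env bash
# Added example: find OpenSSL shared objects mapped into one process.

# write_sample_maps FILE
# Writes a constructed /proc/<pid>/maps excerpt (not taken from the bug report).
write_sample_maps() {
    cat > "$1" <<'EOF'
7f1a2c000000-7f1a2c05a000 r-xp 00000000 08:01 131090 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f1a2c05a000-7f1a2c25a000 ---p 0005a000 08:01 131090 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f1a2b000000-7f1a2b1d0000 r-xp 00000000 08:01 131091 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f1a2a000000-7f1a2a04c000 r-xp 00000000 08:01 262200 /usr/lib/libssl.so.0.9.8
7f1a29000000-7f1a29170000 r-xp 00000000 08:01 262201 /usr/lib/libcrypto.so.0.9.8
7f1a28000000-7f1a28060000 r-xp 00000000 08:01 131200 /usr/lib/x86_64-linux-gnu/libcurl.so.4.2.0
EOF
}

# openssl_libs_in_maps FILE
# Prints each distinct libssl/libcrypto path mapped in FILE, one per line.
# Field 6 is the pathname; using it (not the last field) keeps entries
# that carry a trailing "(deleted)" marker after a package upgrade.
openssl_libs_in_maps() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' "$1" | sort -u
}

# count_libssl_versions FILE
# Prints how many distinct libssl objects are mapped; more than 1 means
# two OpenSSL builds share the process.
count_libssl_versions() {
    openssl_libs_in_maps "$1" | awk '/\/libssl\.so/ { n++ } END { print n + 0 }'
}

# Demo on the constructed sample. Against a live process, pass
# /proc/<pid>/maps of the Apache/PHP worker instead of the sample file.
sample=$(mktemp)
write_sample_maps "$sample"
echo "distinct libssl objects mapped: $(count_libssl_versions "$sample")"
openssl_libs_in_maps "$sample"
rm -f "$sample"
```

A count of 1 rules out the mixed-library hypothesis and points toward a second initialization of the same library, which is what the reply at the top of this message reports.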

