On Thu, Feb 23, 2012 at 7:29 PM, Kurt Roeckx <k...@roeckx.be> wrote: > On Thu, Feb 23, 2012 at 07:26:02PM +0100, JM wrote: >> Update: >> >> I have found out that the nginx error is a result of a regression in >> openssl that took place between versions 1.0.0d and 1.0.0e. >> >> I suppose it would be best if I opened a separate bug report for it? >> Or should I pester the upstream directly? > > Yes please, I will not have time to look at it.
It appears that I was wrong after all. Sorry for the noise. The bug is in packaging rather than upstream. I did the folllowing: apt-get source openssl cd openssl-1.0.0g ./Configure --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/i386-linux-gnu no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 debian-i386 && make depend && make cd apps ./openssl s_server -cert /etc/ssl/private/server.crt -key /etc/ssl/private/server.key -ssl3 -engine padlock -state -msg -debug on a separate terminal: openssl s_client : it works then: apt-get -b source openssl dpkg -i libssl1.0.0_1.0.0g-1_i386.deb openssl_1.0.0g-1_i386.deb openssl s_server -cert /etc/ssl/private/server.crt -key /etc/ssl/private/server.key -ssl3 -engine padlock -state -msg -debug on a separate terminal: openssl s_client : fails with 3074197656:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1195:SSL alert number 20 I am unfamiliar with Debian's packaging specifics so it's hard for me to triage it any further on my own. I could hook you up with SSH access if you care to look into it. Regards, Jan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
