Your message dated Mon, 30 May 2016 22:33:35 +0000
with message-id <e1b7vkd-0001nh...@franck.debian.org>
and subject line Bug#805112: fixed in zorp 3.9.5-7.1
has caused the Debian Bug report #805112,
regarding zorp: FTBFS: SSLv3 method removed
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
805112: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805112
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zorp
Version: 3.9.5-7
Severity: serious
Control: block 797926 by -1
Hi,
The SSLv3 methods in the openssl package have been removed and as
a result your package can't be build anymore.
The code looks like:
if (strcmp(self->ssl_opts.ssl_method[side]->str, "SSLv23") == 0)
{
if (side == EP_CLIENT)
ctx = SSL_CTX_new(SSLv23_server_method());
else
ctx = SSL_CTX_new(SSLv23_client_method());
}
#ifndef OPENSSL_NO_SSL2
else if (strcmp(self->ssl_opts.ssl_method[side]->str, "SSLv2") == 0)
{
if (side == EP_CLIENT)
ctx = SSL_CTX_new(SSLv2_server_method());
else
ctx = SSL_CTX_new(SSLv2_client_method());
}
#endif
else if (strcmp(self->ssl_opts.ssl_method[side]->str, "SSLv3") == 0)
{
if (side == EP_CLIENT)
ctx = SSL_CTX_new(SSLv3_server_method());
else
ctx = SSL_CTX_new(SSLv3_client_method());
}
else if (strcmp(self->ssl_opts.ssl_method[side]->str, "TLSv1") == 0)
{
if (side == EP_CLIENT)
ctx = SSL_CTX_new(TLSv1_server_method());
else
ctx = SSL_CTX_new(TLSv1_client_method());
}
else
{
z_proxy_log(self, CORE_POLICY, 1, "Bad SSL method; method='%s',
side='%s'",
self->ssl_opts.ssl_method[side]->str, EP_STR(side));
z_proxy_return(self, FALSE);
}
And the documentation like:
<enum maturity="stable" id="enum.ssl.method">
<description>
Constants for SSL/TLS protocol selection
</description>
<item maturity="obsolete">
<name>SSL_METHOD_SSLV23</name>
<description>
Permit the use of SSLv2 and v3.
</description>
</item>
<item>
<name>SSL_METHOD_SSLV2</name>
<description>
Permit the use of SSLv2 exclusively.
</description>
</item>
<item>
<name>SSL_METHOD_SSLV3</name>
<description>
Permit the use of SSLv3 exclusively.
</description>
</item>
<item>
<name>SSL_METHOD_TLSV1</name>
<description>
Permit the use of TLSv1 exclusively.
</description>
</item>
<item>
<name>SSL_METHOD_ALL</name>
<description>
Permit the use of all the supported (SSLv2, SSLv3, and TLSv1)
protocols.
</description>
</item>
</enum>
There is also:
SSL_METHOD_SSLV23 = "SSLv23"
SSL_METHOD_SSLV2 = "SSLv2"
SSL_METHOD_SSLV3 = "SSLv3"
SSL_METHOD_TLSV1 = "TLSv1"
SSL_METHOD_ALL = "SSLv23"
So at least the documentation about SSL_METHOD_SSLV23 is wrong,
since it's actually the same as SSL_METHOD_ALL. The SSLv23_*
methods are the only ones that support multiple protocol versions,
and that currently includes up to TLS 1.2.
I recommend to only use the SSLv23_* methods, the others will go
away in the future. If you want to limit the support to a
protocol version I suggest you use the SSL(_CTX)_set_options()
options with something like SSL_OP_NO_SSLv3.
Kurt
--- End Message ---
--- Begin Message ---
Source: zorp
Source-Version: 3.9.5-7.1
We believe that the bug you reported is fixed in the latest version of
zorp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 805...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gianfranco Costamagna <locutusofb...@debian.org> (supplier of updated zorp
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 May 2016 11:10:43 +0200
Source: zorp
Binary: zorp zorp-dbg libzorp3.9 libzorp-dev zorp-modules zorp-modules-dbg
python-kzorp
Architecture: source
Version: 3.9.5-7.1
Distribution: unstable
Urgency: medium
Maintainer: SZALAY Attila <s...@debian.org>
Changed-By: Gianfranco Costamagna <locutusofb...@debian.org>
Description:
libzorp-dev - Development files needed to compile Zorp modules
libzorp3.9 - Runtime library of Zorp
python-kzorp - Python bindings for kzorp.
zorp - Advanced protocol analyzing firewall
zorp-dbg - Advanced protocol analyzing firewall
zorp-modules - Default proxy modules for Zorp
zorp-modules-dbg - Default proxy modules for Zorp
Closes: 805112
Changes:
zorp (3.9.5-7.1) unstable; urgency=medium
.
* Non-maintainer upload.
* d/p/remove-ssl3.patch:
- remove deprecated SSL3 function to fix FTBFS with
recent openssl (Closes: #805112).
Checksums-Sha1:
4b87569458e7c06a80af663f7ec879c00733c3e5 2177 zorp_3.9.5-7.1.dsc
1ed2f9694f42acf9767a880f0a334e94167f159e 18152 zorp_3.9.5-7.1.debian.tar.xz
Checksums-Sha256:
f6e59e13683ebda75bb0770e5bdcdd6ba5f80ead3dc0fcfcb299f253264eff5e 2177
zorp_3.9.5-7.1.dsc
6466c8866ddefa416749bd5d08986596edabcecee90dece11c6574df410c20d9 18152
zorp_3.9.5-7.1.debian.tar.xz
Files:
8dd209bc3a7251b8bdf50ae9e9efc709 2177 net optional zorp_3.9.5-7.1.dsc
4cdb2ae7805dbd948a3f1e7d43affe36 18152 net optional
zorp_3.9.5-7.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXTJqLAAoJEPNPCXROn13Zkp0QAIR/V+esDp5MauLPNdaJUBlI
BLw2ea6cVwfYk2IPX6SIeUJS5Tzp0OORweNsEJOzAvXF14DVu2HmcPNYgdB6qrvr
29beaZBArCcK61aI1TVK0zQJ+4an0Z61eKl0nYVL91iAy34CqhNunpoQaozvNUPx
7WsBRssljfP2g5XG47ceRiDlBMstaL8MKUL8xPLB+gnfNDTLeuvZNH6kr/GDnnX2
HQ4u2311gX7YFlKw9MX2IvwYsPvSBCOL/ue/4JfT8fwNK5cJRANxf0R9poLGukn+
is08eQQMhZAl0XaqrNClBqY2OkE7vVyGl4tAQ9o+FolDRMPDtdUyJPIVqifSfR4v
YIHG6q9vGHKYgx+oixictE4Mvzj9HQkRiWznPwHQtdj1g9H6PTsNdJzmAflVT8ON
EqVfHS+Rd0+4quaR9nXvnGNsZQmvM05OvYp3PuJ/IGt6eCSB8mR7Vq+VVvqWgXHJ
Yi/jfyCRa/8N75soNdtIa9BYT97p6Zq/iTo0xzGa220IEnrvhQryqr7Y6iBlbCEv
WWpnHgfz9YDTA0dKtzsYw4RToNZ2unWDqWDuaTXywG7hYcfTvKwgN8TiwXhPpdHi
Yn3a3HY/LQWPVDinn60NPNPgDkcYbC5zho7QskppL1REg/XR0P1NqfUR1TUkIBvX
3iBfkb15bGtUUhSThTCT
=VjbR
-----END PGP SIGNATURE-----
--- End Message ---
