Can you provide more information on your environment and how to
reproduce this? I wasn't able to reproduce this on my rpi3b+ running
focal, with either libssl1.1 1.1.1f-1ubuntu2.8 or 1.1.1f-1ubuntu2.9:

First, 1.1.1f-1ubuntu2.8 installed:

$ curl -v https://graph.facebook.com/v12.0/act_111/
*   Trying 157.240.3.20:443...
* TCP_NODELAY set
* Connected to graph.facebook.com (157.240.3.20) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
*  start date: Nov  4 00:00:00 2021 GMT
*  expire date: Feb  2 23:59:59 2022 GMT
*  subjectAltName: host "graph.facebook.com" matched cert's "*.facebook.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaac4c9dee0)
> GET /v12.0/act_111/ HTTP/2
> Host: graph.facebook.com
> user-agent: curl/7.68.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403 
< vary: Origin
< x-ad-account-usage: {"acc_id_util_pct":0}
< x-fb-rlafr: 0
< content-type: application/json; charset=UTF-8
< www-authenticate: OAuth "Facebook Platform" "insufficient_scope" "(#200) Provide valid app ID"
< access-control-allow-origin: *
< facebook-api-version: v12.0
< strict-transport-security: max-age=15552000; preload
< pragma: no-cache
< cache-control: no-store
< expires: Sat, 01 Jan 2000 00:00:00 GMT
< x-fb-request-id: AYFxZKGuw4Uidu_b6_RsyRn
< x-fb-trace-id: C1HBc2Oi1S3
< x-fb-rev: 1004746171
< x-fb-debug: yza+SwSrqD6mY1INQSyb5rcHmU89PziSoE3txYwg1BjWybYcgB36mUMVxq9bsRAJXZGkc34nNcSps5APpyG8QA==
< content-length: 125
< date: Wed, 17 Nov 2021 20:48:02 GMT
< alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
< 
* Connection #0 to host graph.facebook.com left intact
{"error":{"message":"(#200) Provide valid app ID","type":"OAuthException","code":200,"fbtrace_id":"AYFxZKGuw4Uidu_b6_RsyRn"}}ubuntu@ubuntu:~ $ wget https://graph.facebook.com/v12.0/act_111/
--2021-11-17 20:48:16--  https://graph.facebook.com/v12.0/act_111/
Resolving graph.facebook.com (graph.facebook.com)... 157.240.3.20, 2a03:2880:f001:6:face:b00c:0:2
Connecting to graph.facebook.com (graph.facebook.com)|157.240.3.20|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-11-17 20:48:16 ERROR 403: Forbidden.

ubuntu@ubuntu:~ 8 $


Next, 1.1.1f-1ubuntu2.9 installed:

ubuntu@ubuntu:~ 10s $ curl -v https://graph.facebook.com/v12.0/act_111/
*   Trying 157.240.3.20:443...
* TCP_NODELAY set
* Connected to graph.facebook.com (157.240.3.20) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
*  start date: Nov  4 00:00:00 2021 GMT
*  expire date: Feb  2 23:59:59 2022 GMT
*  subjectAltName: host "graph.facebook.com" matched cert's "*.facebook.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaaf7766ee0)
> GET /v12.0/act_111/ HTTP/2
> Host: graph.facebook.com
> user-agent: curl/7.68.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403 
< vary: Origin
< x-ad-account-usage: {"acc_id_util_pct":0}
< x-fb-rlafr: 0
< content-type: application/json; charset=UTF-8
< www-authenticate: OAuth "Facebook Platform" "insufficient_scope" "(#200) Provide valid app ID"
< access-control-allow-origin: *
< facebook-api-version: v12.0
< strict-transport-security: max-age=15552000; preload
< pragma: no-cache
< cache-control: no-store
< expires: Sat, 01 Jan 2000 00:00:00 GMT
< x-fb-request-id: Am3RN54patCCpaHOyAFFei2
< x-fb-trace-id: DRBLeslKDkd
< x-fb-rev: 1004746932
< x-fb-debug: uKL59lodhRXYgSVNGEttmwHpFrCHYdUtuRqAl0zFKuCA70xBHp365dz/H7gg2MFE4/qQaY7d4AlhjpSynjKa3A==
< content-length: 125
< date: Wed, 17 Nov 2021 21:35:20 GMT
< priority: u=3,i
< alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
< 
* Connection #0 to host graph.facebook.com left intact
{"error":{"message":"(#200) Provide valid app ID","type":"OAuthException","code":200,"fbtrace_id":"Am3RN54patCCpaHOyAFFei2"}}ubuntu@ubuntu:~ $ wget https://graph.facebook.com/v12.0/act_111/
ubuntu@ubuntu:~ $ wget https://graph.facebook.com/v12.0/act_111/
--2021-11-17 21:35:33--  https://graph.facebook.com/v12.0/act_111/
Resolving graph.facebook.com (graph.facebook.com)... 157.240.3.20, 2a03:2880:f001:6:face:b00c:0:2
Connecting to graph.facebook.com (graph.facebook.com)|157.240.3.20|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-11-17 21:35:33 ERROR 403: Forbidden.

ubuntu@ubuntu:~ 8 $


If you're able to reproduce this problem, please install the debug symbol 
packages needed to get useful backtraces: 
https://wiki.ubuntu.com/Debug%20Symbol%20Packages

Thanks

** Changed in: openssl (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1951279

Title:
  OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Description
  -----------

  It seems that the current Ubuntu 20.04 (Focal) distribution for
  Arm64/Aarch64 raises a segmentation fault when it validates some
  certificates.

  This issue affects only Arm64/Aarch64; all the tools statically or
  dynamically linked with this version of the library are affected
  (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).

  
  Environment and platform
  ------------------------
  Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux

  
  Steps to reproduce
  ------------------

  1. Run:

  curl -v https://graph.facebook.com/v12.0/act_111/

  or

  wget https://graph.facebook.com/v12.0/act_111/

  
  Result received
  ---------------

  Segmentation fault (core dumped)

  
  Notes
  -----

  This bug was found by the Curl users:
  See: https://github.com/curl/curl/issues/8024

  I believe that this bug is related to
  https://ubuntu.com/security/CVE-2020-1967 that may be used as a vector
  point for code injection.

  Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
  (Arm64), so it makes it difficult to use Ubuntu 20.04 in a production
  environment.
