Re: [arch-general] [arch-dev-public] openssl 1.0 rebuild
On Wed, Apr 07, 2010 at 11:49:10AM +0200, Thomas Bächler wrote:
On 30.03.2010 03:36, Pierre Schmitz wrote:
I created a rebuild list for the just released openssl 1.0.0 (Thanks Dan for fixing the todo list that fast!). These are 236 packages for each architecture; so this will need some kind of planning and a bunch of people to help. But for now I'll at least wait for the Gnome and KDE release and also Allan's heimdal rebuilds.
Fedora uses openssl 1 since Fedora 12 which means if there are any issues we'll probably find a solution there. Till then I just need to port the man page patch (easy) and see why it compiles with -DOPENSSL_IA32_SSE2 on x86_64 and if that is an issue at all.
The new openssl breaks RADIUS authentication with wpa_supplicant for me. It fails to verify the CA certificate and aborts authentication. It works if I disable verification of the certificates in the configuration (which is bad, but still helps).
I noticed something which sounds similar. After I synched, I rebuilt elinks-git against all the new libs I had installed. Then I noticed I was getting ssl errors whenever I went to an https: site. Turns out I needed to turn off the option connection.ssl.cert_verify:

    ## connection.ssl.cert_verify [0|1]
    # Verify the peer's SSL certificate. Note that this needs extensive
    # configuration of OpenSSL by the user.
    set connection.ssl.cert_verify = 0

Despite the "extensive configuration" warning, this was working before, but after rebuilding against openssl 1.0.0, it's not.

The openssl upgrade brought some changes to /etc/ssl/openssl.cnf. I haven't tracked down yet whether any of those may be responsible for this.

--
Jim Pryor
profjim@jimpryor.net