You are not logged in.
@Azriel
Thank you for reply and sorry for my late response.
But I have some news which solve or clarify the issue of this topic here and my issue.
First, the official package of openssl is updated to 1.0.1.e-2 and PKGBUILD used in official package now contains the lines discussed here.
I've confirmed that my environments successfully communicates to WCG servers, so looks like no more user-side package building is needed for our issue
Second, I've noticed I hadn't precisely followed your instruction... I'm sorry for confusing you.
I cloned the files for package building and, instead of copying your PKGBUILD on pastebin, I altered the file and appended the lines for fix manually.
Your PKGBUILD on pastebin is for 1.0.1c, and the PKGBUILD in official repository was for 1.0.1d in the time I tried to build the package.
I believe there was wrong checksum for Fix-IV-check-and-padding-removal.patch in the PKGBUILD for 1.0.0d, because I repeated package building from scratch twice so I don't think my files were corrupted.
However I can't provide proof because I don't know if I can get old files in repository...
Third, sadly, your troubleshooting is now obsolete...
The directory structure of official repository has changed and fix-manpages.patch doesn't exist now.
However that helps me to understand the issue. Thank you again!
Offline
true, everything works fine for me, well done!
Jaki koniec świata.Ziemia to nie cały świat ,a tylko mały Wąchock we wszechświecie.
Offline
now contains the lines discussed here
But they didn't last long
Offline
k2_8191 wrote:now contains the lines discussed here
But they didn't last long
Thanks for heads-up and... oh...
The commit message says "Remove all workarounds for broken servers as this breaks more than it helps"... so are WCG servers' SSL connections broken?
Offline
The commit message says "Remove all workarounds for broken servers as this breaks more than it helps"... so are WCG servers' SSL connections broken?
No idea, but this bug doesn't seem to make a lot of noise, so it'll be hard for WCG to know that there is something wrong with their server... Not sure how we could do something to get them to fix that.
This being said, the fix not remaining into the community package isn't that big a deal, we know where the bug is and we know how to fix it, I just redid the wiki manoeuver, and the only thing we need to amend is the PKGBUILD, and since we have the diff from the "fixed" PKGBUILD and the current, it's easy as pie. I've updated the wiki for that.
Offline
@Azuriel
Thanks for updating wiki
k2_8191 wrote:The commit message says "Remove all workarounds for broken servers as this breaks more than it helps"... so are WCG servers' SSL connections broken?
No idea, but this bug doesn't seem to make a lot of noise, so it'll be hard for WCG to know that there is something wrong with their server... Not sure how we could do something to get them to fix that.
Hmm, I hope I won't get any problem regarding the fix for WCG. It's a little bit creepy...
I wish I would have deep knowledge of SSL connection so that I can ask where the problem originates for help.
Offline
I'm unsure if this workaround is needed with the openssl 1.0.1.e release?, I've been checking my logs after I installed 1.0.1.e-3, and there don't seem to be any problems. I do have a self compiled boinc 7.0.52 installed though, so I'm unsure what might have fixed it for me.
Offline
I've also confirmed that my PCs which BOINC 7.0.28-2 from community repo and OpenSSL 1.0.1.e-3 are installed communicates with WCG servers successfully...
Why does it work without the fix? I'm confused...
Offline
Why does it work without the fix? I'm confused...
Well I have 3 idea's why:
1) openssl has received quite a few fixe's in this area.
2) WCG could have 'fixed' their servers, although I don't think this is likely the real reason.
3) Archlinux package 'openssl 1.0.1.e-3' is the first package I've actually tried without any of the TLS workarounds, this is most likely I think, although I can't confirm it for sure as I haven't tested it.
So it could have been the inclusion of the option '-DOPENSSL_NO_TLS1_2_CLIENT', in the main openssl package that was causing problems all along, and as these options have been removed for causing more problems than fixing, the maintainer really did mean that. But we'll need a few more confirmations and a few more days testing before anything can be certain.
Offline
Opensuse are using, in openssl-1.0.1e-2.1.src.rpm, some interesting configure options that could be worth trying for people still having problems:
-DTERMIO \
-DPURIFY \
-DSSL_FORBID_ENULL
Offline
I've also confirmed that my PCs which BOINC 7.0.28-2 from community repo and OpenSSL 1.0.1.e-3 are installed communicates with WCG servers successfully...
Why does it work without the fix? I'm confused...
If it ain't broke, don't try fixin' it
Generally speaking, if someone wasn't working and now does, you just make a prayer to the computer gods and thank them for their kindness. I haven't checked whether I'm still downloading new work unit after upgrading or not (not on linux at the moment), but if it's fixed for everyone we should edit the wiki one last time.
Offline