Debian Bug report logs - #471681
libssl0.9.8: XChat cannot connect to irc.mozilla.org:6697

version graph

Package: libssl0.9.8; Maintainer for libssl0.9.8 is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>;

Reported by: "Aleksej R. Serdyukov" <deletesoftware@yandex.ru>

Date: Wed, 19 Mar 2008 14:30:01 UTC

Severity: serious

Found in version openssl/0.9.8g-7

Fixed in version openssl/0.9.8g-8

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.

Forwarded to http://rt.openssl.org/Ticket/Display.html?id=1629

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#471681; Package libssl0.9.8. Full text and rfc822 format available.

Acknowledgement sent to "Aleksej R. Serdyukov" <deletesoftware@yandex.ru>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Aleksej R. Serdyukov" <deletesoftware@yandex.ru>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libssl0.9.8: XChat cannot connect to irc.mozilla.org:6697
Date: Wed, 19 Mar 2008 17:23:50 +0300
Package: libssl0.9.8
Version: 0.9.8g-7
Severity: important


When libssl0.9.8 0.9.8g-7 is installed xchat 2.8.2-1 (custom build with
a ping timeout patch) and 2.8.4-2 fail to
connect to irc.mozilla.org/6697 using SSL with the following message:

* Connection failed. Error: (336151568) error:14094410:SSL
* routines:SSL3_READ_BYTES:sslv3 alert handshake failure


With version 0.9.8g-4 installed, at least XChat 2.8.2-1 works (didn’t
check with 2.8.4-2).


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-k7 (SMP w/1 CPU core)
Locale: LANG=eo.UTF-8, LC_CTYPE=eo.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libssl0.9.8 depends on:
ii  debconf [debconf-2.0]  1.5.19            Debian configuration management sy
ii  libc6                  2.7-6             GNU C Library: Shared libraries
ii  zlib1g                 1:1.2.3.3.dfsg-11 compression library - runtime

libssl0.9.8 recommends no packages.

-- debconf information:
  libssl0.9.8/restart-failed:
* libssl0.9.8/restart-services: clamav-freshclam




Severity set to `serious' from `important' Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Wed, 19 Mar 2008 17:30:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#471681; Package libssl0.9.8. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #12 received at 471681@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: "Aleksej R. Serdyukov" <deletesoftware@yandex.ru>, 471681@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#471681: libssl0.9.8: XChat cannot connect to irc.mozilla.org:6697
Date: Wed, 19 Mar 2008 18:50:23 +0100
On Wed, Mar 19, 2008 at 05:23:50PM +0300, Aleksej R. Serdyukov wrote:
> Package: libssl0.9.8
> Version: 0.9.8g-7
> Severity: important
> 
> 
> When libssl0.9.8 0.9.8g-7 is installed xchat 2.8.2-1 (custom build with
> a ping timeout patch) and 2.8.4-2 fail to
> connect to irc.mozilla.org/6697 using SSL with the following message:
> 
> * Connection failed. Error: (336151568) error:14094410:SSL
> * routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> 
> 
> With version 0.9.8g-4 installed, at least XChat 2.8.2-1 works (didn't
> check with 2.8.4-2).

I can reproduce your problem.  It's the change between 0.9.8g-4 and 
0.9.8g-5 that causes the problem that we didn't expect to break
anything.

But rebuilding it against the current version should fix that, and it
doesn't for me.  So my first guess would be that it's actually a problem
in xchat.  I'll try and debug this later.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#471681; Package libssl0.9.8. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #17 received at 471681@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: "Aleksej R. Serdyukov" <deletesoftware@yandex.ru>, 471681@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#471681: Bug#471681: libssl0.9.8: XChat cannot connect to irc.mozilla.org:6697
Date: Wed, 19 Mar 2008 22:33:40 +0100
On Wed, Mar 19, 2008 at 06:50:23PM +0100, Kurt Roeckx wrote:
> 
> I can reproduce your problem.  It's the change between 0.9.8g-4 and 
> 0.9.8g-5 that causes the problem that we didn't expect to break
> anything.

I can even reproduce it with s_client:
openssl s_client -ssl3  -host irc.mozilla.org -port 6697
CONNECTED(00000003)
3265:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
3265:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

After removing the "-ssl3", things work properly.

When using
openssl s_client -ssl3 -debug -host irc.mozilla.org -port 6697

With -7:
CONNECTED(00000003)
write to 0x688900 [0x6926f0] (93 bytes => 93 (0x5D))
0000 - 16 03 00 00 58 01 00 00-54 03 00 47 e1 84 e2 84   ....X...T..G....
0010 - f0 01 04 a2 65 92 08 6a-83 99 f1 76 bd f8 7a 52   ....e..j...v..zR
0020 - 88 cb 23 11 4a f5 8a 75-e6 97 da 00 00 26 00 39   ..#.J..u.....&.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08   ................
0050 - 00 06 00 03 02 01 00 00-04 00 23                  ..........#
005d - <SPACES/NULS>
read from 0x688900 [0x68dee0] (5 bytes => 5 (0x5))
0000 - 15 03 00 00 02                                    .....
read from 0x688900 [0x68dee5] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
10403:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
10403:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

Repeated:
CONNECTED(00000003)
write to 0x688900 [0x6926f0] (93 bytes => 93 (0x5D))
0000 - 16 03 00 00 58 01 00 00-54 03 00 47 e1 84 a8 82   ....X...T..G....
0010 - 70 c9 c9 24 90 54 99 27-98 c9 0d 98 73 66 17 4d   p..$.T.'....sf.M
0020 - 19 7c 21 dc 9d 02 65 d1-6e fe 31 00 00 26 00 39   .|!...e.n.1..&.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08   ................
0050 - 00 06 00 03 02 01 00 00-04 00 23                  ..........#
005d - <SPACES/NULS>
read from 0x688900 [0x68dee0] (5 bytes => 5 (0x5))
0000 - 15 03 00 00 02                                    .....
read from 0x688900 [0x68dee5] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(

Repeated:
CONNECTED(00000003)
write to 0x688900 [0x6926f0] (93 bytes => 93 (0x5D))
0000 - 16 03 00 00 58 01 00 00-54 03 00 47 e1 83 dd 4f ....X...T..G...O
0010 - bc f9 7b b7 e3 21 c3 4e-6f 62 15 3c cb 19 c9 08 ..{..!.Nob.<....
0020 - 7f cd 03 ff b8 29 4c 4c-1a 19 4b 00 00 26 00 39 .....)LL..K..&.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5.......3.2./
0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08 ................
0050 - 00 06 00 03 02 01 00 00-04 00 23                  ..........#
005d - <SPACES/NULS>
read from 0x688900 [0x68dee0] (5 bytes => 5 (0x5))
0000 - 15 03 00 00 02                                    .....
read from 0x688900 [0x68dee5] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
3304:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1053:SSL alert number 40
3304:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:530:

Using -4:
write to 0x688880 [0x692670] (87 bytes => 87 (0x57))
0000 - 16 03 00 00 52 01 00 00-4e 03 00 47 e1 86 0c c6   ....R...N..G....
0010 - 7e 9a 63 ae 98 bf 91 e9-34 50 63 7c f6 4e 42 b5   ~.c.....4Pc|.NB.
0020 - d7 2f 40 32 1c 20 79 79-e9 3b f6 00 00 26 00 39   ./@2. yy.;...&.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08   ................
0050 - 00 06 00 03 02 01                                 ......
0057 - <SPACES/NULS>
read from 0x688880 [0x68de60] (5 bytes => 5 (0x5))
0000 - 16 03 00 00 2a                                    ....*
read from 0x688880 [0x68de65] (42 bytes => 42 (0x2A))
0000 - 02 00 00 26 03 00 47 e1-86 0d d3 46 c7 f0 38 b2   ...&..G....F..8.
0010 - c8 fe ae 3f 4f 7b 8e d9-9c b3 87 2a 54 e8 ef a5   ...?O{.....*T...
0020 - 86 19 d1 88 40 88 00 00-35                        ....@...5
002a - <SPACES/NULS>
read from 0x688880 [0x68de60] (5 bytes => 5 (0x5))
0000 - 16 03 00 0f c6                                    .....
[...]

So it seems that openssl is sending something different while
I can't see a reason why it should be sending something different.


Kurt





Noted your statement that Bug has been forwarded to http://rt.openssl.org/Ticket/Display.html?id=1629. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sun, 23 Mar 2008 17:51:40 GMT) Full text and rfc822 format available.

Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Aleksej R. Serdyukov" <deletesoftware@yandex.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #24 received at 471681-close@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: 471681-close@bugs.debian.org
Subject: Bug#471681: fixed in openssl 0.9.8g-8
Date: Sun, 23 Mar 2008 19:32:06 +0000
Source: openssl
Source-Version: 0.9.8g-8

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto0.9.8-udeb_0.9.8g-8_amd64.udeb
  to pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-8_amd64.udeb
libssl-dev_0.9.8g-8_amd64.deb
  to pool/main/o/openssl/libssl-dev_0.9.8g-8_amd64.deb
libssl0.9.8-dbg_0.9.8g-8_amd64.deb
  to pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-8_amd64.deb
libssl0.9.8_0.9.8g-8_amd64.deb
  to pool/main/o/openssl/libssl0.9.8_0.9.8g-8_amd64.deb
openssl_0.9.8g-8.diff.gz
  to pool/main/o/openssl/openssl_0.9.8g-8.diff.gz
openssl_0.9.8g-8.dsc
  to pool/main/o/openssl/openssl_0.9.8g-8.dsc
openssl_0.9.8g-8_amd64.deb
  to pool/main/o/openssl/openssl_0.9.8g-8_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 471681@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 23 Mar 2008 17:50:04 +0000
Source: openssl
Binary: openssl libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source amd64
Version: 0.9.8g-8
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 471681
Changes: 
 openssl (0.9.8g-8) unstable; urgency=high
 .
   * Don't add extentions to ssl v3 connections.  It breaks with some
     other software.  (Closes: #471681)
Files: 
 fe850e6b4eb7f759182b494f0f052d71 797 utils optional openssl_0.9.8g-8.dsc
 f7aad7a51bbb714bc5a37c6fe972dfb1 51749 utils optional openssl_0.9.8g-8.diff.gz
 4d71d644338401400e8f995186b782ab 1028718 utils optional openssl_0.9.8g-8_amd64.deb
 bd4a16951fa72214b79eb37be3428aed 949884 libs important libssl0.9.8_0.9.8g-8_amd64.deb
 bb83ed3f3229b6e85609866dddd34998 617258 debian-installer optional libcrypto0.9.8-udeb_0.9.8g-8_amd64.udeb
 e5410ce53422d2b383955b1f4246af8a 2204218 libdevel optional libssl-dev_0.9.8g-8_amd64.deb
 680127f833c7f9e24f6933417f1f4251 1612718 libdevel extra libssl0.9.8-dbg_0.9.8g-8_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH5qtJQdwckHJElwsRAgbrAJ4rqWDe93YfZTWKaOkue76Zn+s3VgCeOCiQ
N7y1fDK8ovaqJnQRZanCKuw=
=+P14
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 19 May 2008 07:48:10 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 07:25:29 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.