[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: Porting conserver to OpenSSL 1.1

John Stoffel john@stoffel.org
Tue, 25 Jul 2017 21:43:08 GMT


Chris> I've been trying to get conserver to work with OpenSSL 1.1, as this will
Chris> soon be the only version available in Debian Linux:
Chris> https://bugs.debian.org/851085

Awesome news! 

Chris> The attached patch fixes a few trivial compile errors caused by API
Chris> changes. With the attached patch applied, the code builds against
Chris> Debian sid's libssl-dev (1.1). However, the server rejects all
Chris> connections with a "handshake error", and a pretty generic error
Chris> message that just means something is wrong with ciphers, certificates,
Chris> or something like that. This causes all the tests to fail. The code
Chris> doesn't even reach the place the patch changes, so it's unlikely to be
Chris> the cause.

I wonder if the issue is that it looks like you're trying to use
sslv3, but I bet you need to change to using TLSv1 or v2 instead,
since ssl2 and ssl3 are deprecated now.

Can you post your patches?  Or a link to a git repo I could pull and
glance over?  But I warn you all, I'm not a strong C hacker at all...


Chris> Has anyone made any further progress? Does anyone know what the problem
Chris> is?

Chris> Any help greatly appreciated.

Chris> Chris.

Chris> ---

Chris> The errors are:

Chris> 140691693188864:error:14094410:SSL routines:ssl3_read_bytes:sslv3
Chris>   alert handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40

Chris> error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher

Chris> [DELETED ATTACHMENT conserver-ssl11.patch, text/x-diff]
Chris> _______________________________________________
Chris> users mailing list
Chris> users@conserver.com
Chris> https://www.conserver.com/mailman/listinfo/users