
Re: Porting conserver to OpenSSL 1.1

John Stoffel john@stoffel.org
Sat, 29 Jul 2017 13:38:59 GMT


>>>>> "Chris" == Chris  <solo-conserver@goeswhere.com> writes:

Chris> On Fri, Jul 28, 2017 at 12:00:55PM -0400, John Stoffel wrote:
>> Can you give more details on your environment, and the exact version of
>> openssl you have installed?

Chris> The packages installed are: https://paste.debian.net/978748/

Chris> Specifically:
Chris> libssl-dev/unstable,now 1.1.0f-3 amd64 [installed]

Chris> The build is being done in a Debian Sid chroot, which is how Debian
Chris> packages are typically developed. It's essentially the most minimal
Chris> environment in which you could expect things to build; minimal other
Chris> distractions, and a really good idea about exactly what has changed.
Chris> In this environment, conserver's tests pass fine with openssl 1.0.
Chris> The easiest way to simulate this on other systems is probably with
Chris> Docker, instead of trying to use pbuilder:

Ok, I spent some time yesterday spinning up a Debian SID VM instead,
haven't had the chance to play with docker, etc yet.  And I do see the
build problem there (base 8.2.1 without your changes).

I also tried widening the allowed set of certificates in the SetupSSL()
function to "ALL:!eNULL" but that didn't make a difference.  Haven't
had the time to poke deeper.  I'm also more of a SysAdmin hacker, not
a developer, so my C skills are rusty.  And my openssl
hacking... non-existent.

LOL.  So I'll be slow in my helping here.

We probably need to break it down more to just the bare bones SSL
setup and configuration, to make sure it's working.  I figure the
openssl tool might be a help here.  


Chris> Start a Debian Sid container, interactively:
Chris> $ docker run -it debian:sid


Chris> And, inside, download the dependencies, the code, then try and build:

Chris> apt update && \
Chris>   apt upgrade --yes && \
Chris>   apt install --yes git ca-certificates debhelper build-essential && \
Chris>   apt install --yes libpam0g-dev libwrap0-dev libssl-dev && \
Chris>   git clone https://github.com/FauxFaux/conserver && \
Chris>   cd conserver && \
Chris>   autoreconf -fvi && \
Chris>   ./configure --with-openssl && \
Chris>   make && \
Chris>   make test


>> Also, looking at your patch, I see that you removed DH_new() call, but
>> never replaced it.  So I wonder if that's part of the problem?

Chris> The DH_new() call has been moved down the method, to make the error handling
Chris> easier. But, it can't be the problem anyway: the new code is never hit; the
Chris> log statement in `TmpDHCallback` is never reached, so the new code cannot
Chris> be the problem.

Chris> Chris.