[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
John Stoffel email@example.com
Sat, 29 Jul 2017 13:38:59 GMT
>>>>> "Chris" == Chris <firstname.lastname@example.org> writes: Chris> On Fri, Jul 28, 2017 at 12:00:55PM -0400, John Stoffel wrote: >> Can you give more details on your evironment, and the exact version of >> openssl you have installed? Chris> The packages installed are: https://paste.debian.net/978748/ Chris> Specifically: Chris> libssl-dev/unstable,now 1.1.0f-3 amd64 [installed] Chris> The build is being done in a Debian Sid chroot, which is how Debian Chris> packages are typically developed. It's essentially the most minimal Chris> environment in which you could expect things to build; minimal other Chris> distractions, and a really good idea about exactly what has changed. Chris> In this environment, conserver's tests pass fine with openssl 1.0. Chris> The easiest way to simulate this on other systems is probably with Chris> Docker, instead of trying to use pbuilder: Ok, I spent some time yesterday spinning up a Debian SID VM instead, haven't had the chance to play with docker, etc yet. And I do the build problem there (base 8.2.1 without your changes). I also tried widening the allowed set of certficates in the SetupSSL() function to "ALL:!eNULL" but that didn't make a difference. Haven't had the time to poke deeper. I'm also more of a SysAdmin hacker, not a developer, so my C skills are rusty. And my openssl hacking... non-existent. LOL. So I'll be slow in my helping here. We probably need to break is down more to just the bare bones SSL setup and configuration, to make sure it's working. I figure the openssl tool might be a help here. Chris> Start a Debian Sid container, interactively: Chris> $ docker run -it debian:sid Chris> And, inside, download the dependencies, the code, then try and build: Chris> apt update && \ Chris> apt upgrade --yes && \ Chris> apt install --yes git ca-certificates debhelper build-essential && \ Chris> apt install --yes libpam0g-dev libwrap0-dev libssl-dev && \ Chris> git clone https://github.com/FauxFaux/conserver && \ Chris> cd conserver && \ Chris> autoreconf -fvi && \ Chris> ./configure --with-openssl && \ Chris> make && \ Chris> make test >> Also, looking at your patch, I see that you removed DH_new() call, but >> never replaced it. So I wonder if that's part of the problem? Chris> The DH_new() call has been moved down the method, to make the error handling Chris> easier. But, it can't be the problem anyway: the new code is never hit; the Chris> log statement in `TmpDHCallback` is never reached, so the new code cannot Chris> be the problem. Chris> Chris.