Summary: | >=dev-libs/openssl-1.0.1 breaks paypal, facebook and some other https servers | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Alexander E. Patrakov <patrakov> |
Component: | [OLD] Core system | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | jan, kamensky.fb, steffen.weber, tl |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 412661 |
Description
Alexander E. Patrakov
2012-04-21 05:52:06 UTC
It also seems to breaks 802.1X in wpa_supplicant. (Only tried with PEAP + MSCHAPv2). For me it always results in EAP authentication failure. Downgrading to openssl-1.0.0i fixed the issue. paypal and facebook look like they're fixed. @Jan is that a microsoft radius server your client is talking to? With your 1.0.0i openssl, try openssl s_client -tls1 -servername "verylonghostnameaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -msg -connect server:port Check that the hello message length is >255 bytes (at least 0x100) If that replicates the problem (or try a longer servername if it works), then it's your radius server's ssl implementation that's the problem. Can we close this? It is not a bug in Gentoo, it's a bug in other people's ssl implementations and most of them seem to be fixed by now. closing, as this is not a gentoo bug *** Bug 462348 has been marked as a duplicate of this bug. *** |