On Sep 16, 2017, at 12:57 PM, John Found <[email protected]> wrote:
>
> On Sat, 16 Sep 2017 13:44:51 -0500
> Andy Goth <[email protected]> wrote:
>
>> Please type "openssl version" and let us know what it prints.
>
> OpenSSL 1.1.0f 25 May 2017
There’s a known bug in that version of OpenSSL which was fixed in the very next
version, 1.1.1.
Quoting from the OpenSSL 1.1.1 ChangeLog:
> *) Rewrite of BIO networking library. The BIO library lacked consistent
> support of IPv6, and adding it required some more extensive
> modifications. This introduces the BIO_ADDR and BIO_ADDRINFO types,
> which hold all types of addresses and chains of address information.
> It also introduces a new API, with functions like BIO_socket,
> BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
> The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
> have been adapted accordingly.
> [Richard Levitte]
One solution you have, therefore, is to install the source code for OpenSSL
1.1.1 or 1.0.2n into compat/openssl under the Fossil source tree, build the
library, then reconfigure Fossil, adding --with-openssl=tree to whatever other
options you’d normally use.
You may need to add this to your ~/.profile:
export SSL_CERT_DIR=/etc/ssl/certs
This non-platform version of OpenSSL will not be able to find your platform CA
certificate store otherwise.
Another solution is simply to disable IPv6 everywhere in your system.
A third solution would be to lean on Debian/Raspbian/Ubuntu, etc. to backport
this fix from 1.1.1 to 1.1.0f. I don’t hold out much hope on this since the
fix is described as a “rewrite” of a core I/O library.
Therefore, a fourth solution is to simply ignore it until 2020 or so, by which
time you should have a new version of your stable OS’s core libraries, as long
as you’re willing to upgrade at that time.
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
