On 2 February 2018 at 07:08, Warren Young <[email protected]> wrote: > On Sep 16, 2017, at 12:57 PM, John Found <[email protected]> wrote: >> >> On Sat, 16 Sep 2017 13:44:51 -0500 >> Andy Goth <[email protected]> wrote: >> >>> Please type "openssl version" and let us know what it prints. >> >> OpenSSL 1.1.0f 25 May 2017 > > There’s a known bug in that version of OpenSSL which was fixed in the very > next version, 1.1.1. > > Quoting from the OpenSSL 1.1.1 ChangeLog: > >> *) Rewrite of BIO networking library. The BIO library lacked consistent >> support of IPv6, and adding it required some more extensive >> modifications. This introduces the BIO_ADDR and BIO_ADDRINFO types, >> which hold all types of addresses and chains of address information. >> It also introduces a new API, with functions like BIO_socket, >> BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept. >> The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram >> have been adapted accordingly. >> [Richard Levitte] > > One solution you have, therefore, is to install the source code for OpenSSL > 1.1.1 or 1.0.2n into compat/openssl under the Fossil source tree, build the > library, then reconfigure Fossil, adding --with-openssl=tree to whatever > other options you’d normally use. > > You may need to add this to your ~/.profile: > > export SSL_CERT_DIR=/etc/ssl/certs > > This non-platform version of OpenSSL will not be able to find your platform > CA certificate store otherwise. > > Another solution is simply to disable IPv6 everywhere in your system. > > A third solution would be to lean on Debian/Raspbian/Ubuntu, etc. to backport > this fix from 1.1.1 to 1.1.0f. I don’t hold out much hope on this since the > fix is described as a “rewrite” of a core I/O library. > > Therefore, a fourth solution is to simply ignore it until 2020 or so, by > which time you should have a new version of your stable OS’s core libraries, > as long as you’re willing to upgrade at that time.
Fifth solution: don't use TLS for this repo when you're using that platform. -- ------- inum: 883510009027723 sip: [email protected] _______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
