A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=4931
======================================================================
Reported By:                zephyrus00jp
Assigned To:
======================================================================
Project:                    openssl
Issue ID:                   4931
Category:                   upgrade
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
======================================================================
Date Submitted:             2012-04-02 15:50 CEST
Last Modified:              2012-04-10 05:19 CEST
======================================================================
Summary:                    "git clone https: ..." fails: Request to upgrade OpenSSL to 1.0.0h or newer.
Description:
On Solaris 10, I found that git clone https:.... failed.

To make a long story short, I tracked this down to a failure of the curl library used by git, and this curl library in turn seems to be failing in the openssl modules.

The following is a more detailed explanation and my finding:
serverfault.com/questions/374053/solaris-10-opencsw-git-package-issue-with-bitbucket-git-hosting

Based on some similar reports, I think it is best to offer openssl 1.0.0h or newer, and then re-compile curl libraries (making sure that openssl versions are used), and recompile git tools as well.

I don't know much about OpenCSW packaging and so I can't try to recompile openssl and figure out whether upgrading helps or not.
======================================================================

----------------------------------------------------------------------
(0009794) zephyrus00jp (reporter) - 2012-04-10 05:19
https://www.opencsw.org/mantis/view.php?id=4931#c9794
----------------------------------------------------------------------
I am still trying to figure it out.

One thing that looks odd is that the Solaris log doesn't show any key exchange sequences. I wonder if there is some kind of protocol mismatch somewhere that can be changed by configuration changes.

Solaris failure log (excerpted near the beginning) from

Connected to bitbucket.org (207.223.240.182) port 443 (https://www.opencsw.org/mantis/view.php?id=0)
* SSL: couldn't set callback!
* successfully set certificate verify locations:
* CAfile: none CApath: /opt/csw/ssl/certs
* WARNING: failed to configure server name indication (SNI) TLS extension
??? key exchange is missing here in comparison to linux dump ...???
* SSL connection using AES256-SHA

Linux log:

* Connected to bitbucket.org (207.223.240.182) port 443 (https://www.opencsw.org/mantis/view.php?id=0)
* successfully set certificate verify locations:
* CAfile: none CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:

Since log messages may vary between different versions, I think I really should home in on the "couldn't set callback!" problem.

I tried installing openssl 1.0.0, and replaced the dynamic library, but still no go. Then I realized that the OpenSSL API may not be binary compatible between 1.0.0 and previous versions. So I may have to re-install from source
- openssl 1.0.0
- libcurl
- git
and try if the combination fixes the issue.

Stay tuned...
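
The side-by-side comparison of the two curl traces in the note above can be done mechanically. The following is an added example, not part of the original report or of any OpenCSW tooling; the function names and finding labels are hypothetical, and the sample traces are constructed from the excerpts quoted in the note (trimmed).

```python
import re

# Constructed sample input: the two curl -v excerpts from the note, trimmed.
SOLARIS = """\
* SSL: couldn't set callback!
* successfully set certificate verify locations:
* CAfile: none CApath: /opt/csw/ssl/certs
* WARNING: failed to configure server name indication (SNI) TLS extension
* SSL connection using AES256-SHA
"""
LINUX = """\
* successfully set certificate verify locations:
* CAfile: none CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
"""

RECORD = re.compile(r"^\* \S+, TLS (?:handshake|change cipher), (.+) \((\d+)\):$")

def summarize(trace):
    """Extract the TLS-relevant facts from one curl verbose trace."""
    s = {"records": [], "callback_failed": False, "sni_failed": False,
         "cipher": None, "capath": None}
    for line in trace.splitlines():
        if m := RECORD.match(line):
            s["records"].append((m.group(1), int(m.group(2))))
        elif m := re.search(r"SSL connection using (\S+)", line):
            s["cipher"] = m.group(1)
        elif m := re.search(r"CApath: (\S+)", line):
            s["capath"] = m.group(1)
        s["callback_failed"] |= "couldn't set callback" in line
        s["sni_failed"] |= "failed to configure server name indication" in line
    return s

def findings(failing, working):
    """Name the differences worth chasing, most specific first."""
    f, w, out = summarize(failing), summarize(working), []
    if f["callback_failed"]:
        out.append("trace-callback-not-installed")
    if w["records"] and not f["records"]:
        # Assumption: curl logs these records from that trace callback, so
        # their absence may be a logging gap rather than a protocol difference.
        out.append("handshake-records-not-logged")
    if f["sni_failed"] and not w["sni_failed"]:
        out.append("sni-not-configured")
    if f["cipher"] and f["cipher"] == w["cipher"]:
        out.append("same-cipher-negotiated:" + f["cipher"])
    if f["capath"] != w["capath"]:
        out.append("different-capath")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SOLARIS, LINUX)))
```
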
