On Sep 16, 2017, at 12:57 PM, John Found <johnfo...@asm32.info> wrote:
> On Sat, 16 Sep 2017 13:44:51 -0500
> Andy Goth <andrew.m.g...@gmail.com> wrote:
>> Please type "openssl version" and let us know what it prints.
> OpenSSL 1.1.0f 25 May 2017
There’s a known bug in that version of OpenSSL which was fixed in the very next
Quoting from the OpenSSL 1.1.1 ChangeLog:
> *) Rewrite of BIO networking library. The BIO library lacked consistent
> support of IPv6, and adding it required some more extensive
> modifications. This introduces the BIO_ADDR and BIO_ADDRINFO types,
> which hold all types of addresses and chains of address information.
> It also introduces a new API, with functions like BIO_socket,
> BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
> The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
> have been adapted accordingly.
> [Richard Levitte]
One solution you have, therefore, is to install the source code for OpenSSL
1.1.1 or 1.0.2n into compat/openssl under the Fossil source tree, build the
library, then reconfigure Fossil, adding --with-openssl=tree to whatever other
options you’d normally use.
You may need to add this to your ~/.profile:
This non-platform version of OpenSSL will not be able to find your platform CA
certificate store otherwise.
Another solution is simply to disable IPv6 everywhere in your system.
A third solution would be to lean on Debian/Raspbian/Ubuntu, etc. to backport
this fix from 1.1.1 to 1.1.0f. I don’t hold out much hope on this since the
fix is described as a “rewrite” of a core I/O library.
Therefore, a fourth solution is to simply ignore it until 2020 or so, by which
time you should have a new version of your stable OS’s core libraries, as long
as you’re willing to upgrade at that time.
fossil-users mailing list