On 2 February 2018 at 07:08, Warren Young <war...@etr-usa.com> wrote:
> On Sep 16, 2017, at 12:57 PM, John Found <johnfo...@asm32.info> wrote:
>>
>> On Sat, 16 Sep 2017 13:44:51 -0500
>> Andy Goth <andrew.m.g...@gmail.com> wrote:
>>
>>> Please type "openssl version" and let us know what it prints.
>>
>> OpenSSL 1.1.0f  25 May 2017
>
> There’s a known bug in that version of OpenSSL which was fixed in the very 
> next version, 1.1.1.
>
> Quoting from the OpenSSL 1.1.1 ChangeLog:
>
>>  *) Rewrite of BIO networking library. The BIO library lacked consistent
>>     support of IPv6, and adding it required some more extensive
>>     modifications.  This introduces the BIO_ADDR and BIO_ADDRINFO types,
>>     which hold all types of addresses and chains of address information.
>>     It also introduces a new API, with functions like BIO_socket,
>>     BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
>>     The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
>>     have been adapted accordingly.
>>     [Richard Levitte]
>
> One solution you have, therefore, is to install the source code for OpenSSL 
> 1.1.1 or 1.0.2n into compat/openssl under the Fossil source tree, build the 
> library, then reconfigure Fossil, adding --with-openssl=tree to whatever 
> other options you’d normally use.
>
> You may need to add this to your ~/.profile:
>
>     export SSL_CERT_DIR=/etc/ssl/certs
>
> This non-platform version of OpenSSL will not be able to find your platform 
> CA certificate store otherwise.
>
> Another solution is simply to disable IPv6 everywhere in your system.
>
> A third solution would be to lean on Debian/Raspbian/Ubuntu, etc. to backport 
> this fix from 1.1.1 to 1.1.0f.  I don’t hold out much hope on this since the 
> fix is described as a “rewrite” of a core I/O library.
>
> Therefore, a fourth solution is to simply ignore it until 2020 or so, by 
> which time you should have a new version of your stable OS’s core libraries, 
> as long as you’re willing to upgrade at that time.

Fifth solution: don't use TLS for this repo when you're using that platform.


-- 
-------
inum: 883510009027723
sip: jungleboo...@sip2sip.info
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Reply via email to