On 2 February 2018 at 07:08, Warren Young <war...@etr-usa.com> wrote:
> On Sep 16, 2017, at 12:57 PM, John Found <johnfo...@asm32.info> wrote:
>> On Sat, 16 Sep 2017 13:44:51 -0500
>> Andy Goth <andrew.m.g...@gmail.com> wrote:
>>> Please type "openssl version" and let us know what it prints.
>> OpenSSL 1.1.0f 25 May 2017
> There’s a known bug in that version of OpenSSL which was fixed in the very
> next version, 1.1.1.
> Quoting from the OpenSSL 1.1.1 ChangeLog:
>> *) Rewrite of BIO networking library. The BIO library lacked consistent
>> support of IPv6, and adding it required some more extensive
>> modifications. This introduces the BIO_ADDR and BIO_ADDRINFO types,
>> which hold all types of addresses and chains of address information.
>> It also introduces a new API, with functions like BIO_socket,
>> BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
>> The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
>> have been adapted accordingly.
>> [Richard Levitte]
> One solution you have, therefore, is to install the source code for OpenSSL
> 1.1.1 or 1.0.2n into compat/openssl under the Fossil source tree, build the
> library, then reconfigure Fossil, adding --with-openssl=tree to whatever
> other options you’d normally use.
> You may need to add this to your ~/.profile:
> export SSL_CERT_DIR=/etc/ssl/certs
> This non-platform version of OpenSSL will not be able to find your platform
> CA certificate store otherwise.
> Another solution is simply to disable IPv6 everywhere in your system.
> A third solution would be to lean on Debian/Raspbian/Ubuntu, etc. to backport
> this fix from 1.1.1 to 1.1.0f. I don’t hold out much hope on this since the
> fix is described as a “rewrite” of a core I/O library.
> Therefore, a fourth solution is to simply ignore it until 2020 or so, by
> which time you should have a new version of your stable OS’s core libraries,
> as long as you’re willing to upgrade at that time.
Fifth solution: don't use TLS for this repo when you're using that platform.
fossil-users mailing list