Re: Creality don't sound great (Was: Re: Is it possible to downgrade openssl?)

2023-08-04 Thread Patrick Wiseman
On Sun, Jul 30, 2023 at 11:33 AM Dan Ritter wrote:

> Andy Smith wrote:
> >
> > Sounds like an absolutely shit-tier company. I hope there are
> > alternatives in the 3d-printing world, a world that I know almost
> > nothing about.
>
> Many, but Creality makes really cheap 3D printers, so
> lots of people buy them.
>

I think it would be fairer to say that they make inexpensive 3D printers.
The hardware is generally of good quality. And they just sent me a working
version of the AppImage which had been segfaulting, so not entirely
unresponsive (if a bit slow to respond).

Patrick


Re: Creality don't sound great (Was: Re: Is it possible to downgrade openssl?)

2023-07-30 Thread Dan Ritter
Andy Smith wrote: 
> 
> Sounds like an absolutely shit-tier company. I hope there are
> alternatives in the 3d-printing world, a world that I know almost
> nothing about.

Many, but Creality makes really cheap 3D printers, so
lots of people buy them.

-dsr-



Creality don't sound great (Was: Re: Is it possible to downgrade openssl?)

2023-07-30 Thread Andy Smith
Hello,

On Sun, Jul 30, 2023 at 08:11:38AM -0400, Patrick Wiseman wrote:
> But Creality apparently disapproves of the hack and so has
> disabled it in the latest firmware.

So what I have learned from this thread is that there is a company
called Creality which:

- Supplies known-broken AppImages on devices costing hundreds of $
  and then doesn't respond to support requests
- Spends time making it so that people can't replace the software
  they have supplied with other software that works
- Voids warranty on said devices if they hear you have changed any
  of the components, this on a device that is designed to allow
  people to make things

Sounds like an absolutely shit-tier company. I hope there are
alternatives in the 3d-printing world, a world that I know almost
nothing about.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting



Re: Is it possible to downgrade openssl?

2023-07-30 Thread Patrick Wiseman
On Sat, Jul 29, 2023 at 10:42 PM Max Nikulin wrote:

>
> On 30/07/2023 05:16, Patrick Wiseman wrote:
> > I'd already reached the conclusion that messing with openssl was a bad
> > idea. Unfortunately, Creality is unresponsive to pleas to fix their
> > software.
>
> I have no experience with 3d printers at all, but I am curious
> concerning any progress with a suggestion from another thread:
>
> Patrick Wiseman. Re: qt.network.ssl problems (OT?) Wed, 21 Jun 2023
> 10:35:57 -0400.
>
> https://lists.debian.org/msgid-search/CAJVvKsO_MubTQidcQZ+vSNkYmO=sqghvvno0nlzu8ohxch7...@mail.gmail.com
>
> > Turns out that the K1 printer is Klipper under the hood and there's a
> > way to hack it to gain full access (so I don't need the broken app).
>

This is veering way off topic ... but, since you ask :)

It's true that the K1 is Klipper (one of several flavors of 3D printer
software) under the hood, and I have used the hack to get to it. But
Creality apparently disapproves of the hack and so has disabled it in the
latest firmware. For now, I'm living with the older firmware and the very
useful hack, but I might not need to do that if their software worked on my
laptop. Hence my attempts to get it working. (Creality has historically
been good about open source hardware and software, so I'm not sure what
they're up to with this particular printer.)

Cheers
Patrick


Re: Is it possible to downgrade openssl?

2023-07-29 Thread gene heskett

On 7/29/23 13:52, Patrick Wiseman wrote:
> On Sat, Jul 29, 2023 at 10:42 AM wrote:
>
> > Eduardo M KALINOWSKI wrote:
> > > On 28/07/2023 17:04, Patrick Wiseman wrote:
> > > > I have an AppImage from Creality which segfaults with a QT ssl
> > > > error. Googling tells me that the latest version of OpenSSL (3.x)
> > > > omits some X509 functionality, which can be found in OpenSSL-1.1.
> > > > (And someone reports that installing it solves the problem.) But I
> > > > can't find that package. Is there any way to revert to an earlier
> > > > version of OpenSSL? I'm on an up-to-date bookworm system.
> > >
> > > AppImages bundle all the libraries used by the application, so
> > > changing the "system" version of openssl probably won't work.
> >
> > It sounds like you need to contact Creality to update the AppImage.
> > Although
> > https://forum.manjaro.org/t/creality-slicer-appimage-not-loading-qt-network-ssl-errors/143726
> > suggests that the AppImage does not contain the OpenSSL library.
> >
> > But the only 'omission' of X.509 functionality that I can see on
> > https://www.openssl.org/news/openssl-3.0-notes.html is
> > "X509 certificates signed using SHA1 are no longer allowed at security
> > level 1 or higher. The default security level for TLS is 1, so
> > certificates signed using SHA1 are by default no longer trusted to
> > authenticate servers or clients."
> >
> > I'm not sure I'd want to be deliberately trying to undo a security
> > upgrade.
>
> I'm sure you're right. Contacting Creality is a fool's game; they've been
> alerted to the problem since they released the software, so I'll just have
> to be patient.

Contacting Creality with a problem also nullifies any warranty you may
have thought you had. I replaced a broken plastic ejector on an E5+ with
the exact same item made of metal, from the same injection dies that
made the plastic one and that they sell. The first thing they did was
cancel the warranty on that serial number because it was a non-stock
part I had installed. They would have a cow if they knew what I'm doing
to it now.

However, an E5-S1 is the best small sub $600 printer ever. On its 3rd
roll of PETG now, it's slinging great parts at me. Minor adjustments of
course but it Just Works.

> Thanks to all for your suggestions.
>
> Patrick



Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: Is it possible to downgrade openssl?

2023-07-29 Thread Max Nikulin



On 30/07/2023 05:16, Patrick Wiseman wrote:
> I'd already reached the conclusion that messing with openssl was a bad
> idea. Unfortunately, Creality is unresponsive to pleas to fix their
> software.

I have no experience with 3d printers at all, but I am curious
concerning any progress with a suggestion from another thread:

Patrick Wiseman. Re: qt.network.ssl problems (OT?) Wed, 21 Jun 2023
10:35:57 -0400.

https://lists.debian.org/msgid-search/CAJVvKsO_MubTQidcQZ+vSNkYmO=sqghvvno0nlzu8ohxch7...@mail.gmail.com

> Turns out that the K1 printer is Klipper under the hood and there's a
> way to hack it to gain full access (so I don't need the broken app).





Re: Is it possible to downgrade openssl?

2023-07-29 Thread Patrick Wiseman
On Sat, Jul 29, 2023, 6:03 PM Andy Smith wrote:

> Hello,
>
> On Fri, Jul 28, 2023 at 04:14:30PM -0400, Patrick Wiseman wrote:
> > On Fri, Jul 28, 2023, 4:10 PM Brian wrote:
> > > On Fri 28 Jul 2023 at 16:04:10 -0400, Patrick Wiseman wrote:
> > > > any way to revert to an earlier version of OpenSSL? I'm on an up-to-date
> > > > bookworm system.
> > >
> > > Install from https://snapshot.debian.org/.
> >
> > Thanks for the quick reply. I'll try that as soon as I get back to the box.
>
> You've been handed a very effective footgun with no further
> instructions. Please do not replace your system's openssl package
> with an older one unless you know exactly what you are doing. In all
> likelihood you will completely break your whole system. Tons of
> things link to openssl.
>
> AppImages are supposed to include the libraries they depend upon,
> though I don't use them so am not sure about this, but if that is
> true then I think it's unlikely that your AppImage is using the
> system openssl anyway.
>
> You really need to get support from the supplier of the package.
>

I'd already reached the conclusion that messing with openssl was a bad
idea. Unfortunately, Creality is unresponsive to pleas to fix their
software. A Googled source claimed the problem was fixed by installation of
an earlier version of openssl, but I'm glad I asked here before trying that!

I'm mostly a lurker here but always impressed with how patiently helpful
y'all are.

Thanks for being here!

Cheers
Patrick


Re: Is it possible to downgrade openssl?

2023-07-29 Thread Andy Smith
Hello,

On Fri, Jul 28, 2023 at 04:14:30PM -0400, Patrick Wiseman wrote:
> On Fri, Jul 28, 2023, 4:10 PM Brian wrote:
> > On Fri 28 Jul 2023 at 16:04:10 -0400, Patrick Wiseman wrote:
> > > any way to revert to an earlier version of OpenSSL? I'm on an up-to-date
> > > bookworm system.
> >
> > Install from https://snapshot.debian.org/.
> 
> Thanks for the quick reply. I'll try that as soon as I get back to the box.

You've been handed a very effective footgun with no further
instructions. Please do not replace your system's openssl package
with an older one unless you know exactly what you are doing. In all
likelihood you will completely break your whole system. Tons of
things link to openssl.

AppImages are supposed to include the libraries they depend upon,
though I don't use them so am not sure about this, but if that is
true then I think it's unlikely that your AppImage is using the
system openssl anyway.

You really need to get support from the supplier of the package.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting



Re: Is it possible to downgrade openssl?

2023-07-29 Thread Patrick Wiseman
On Sat, Jul 29, 2023 at 10:42 AM wrote:

> Eduardo M KALINOWSKI wrote:
> > On 28/07/2023 17:04, Patrick Wiseman wrote:
> > > I have an AppImage from Creality which segfaults with a QT ssl
> > > error. Googling tells me that the latest version of OpenSSL (3.x)
> > > omits some X509 functionality, which can be found in OpenSSL-1.1.
> > > (And someone reports that installing it solves the problem.) But I
> > > can't find that package. Is there any way to revert to an earlier
> > > version of OpenSSL? I'm on an up-to-date bookworm system.
> >
> > AppImages bundle all the libraries used by the application, so
> > changing the "system" version of openssl probably won't work.
>
> It sounds like you need to contact Creality to update the AppImage.
> Although
>
> https://forum.manjaro.org/t/creality-slicer-appimage-not-loading-qt-network-ssl-errors/143726
> suggests that the AppImage does not contain the OpenSSL library.
>
> But the only 'omission' of X.509 functionality that I can see on
> https://www.openssl.org/news/openssl-3.0-notes.html is
> "X509 certificates signed using SHA1 are no longer allowed at security
> level 1 or higher. The default security level for TLS is 1, so
> certificates signed using SHA1 are by default no longer trusted to
> authenticate servers or clients."
>
> I'm not sure I'd want to be deliberately trying to undo a security
> upgrade.
>

I'm sure you're right. Contacting Creality is a fool's game; they've been
alerted to the problem since they released the software, so I'll just have
to be patient.

Thanks to all for your suggestions.

Patrick


Re: Is it possible to downgrade openssl?

2023-07-29 Thread debian-user
Eduardo M KALINOWSKI wrote:
> On 28/07/2023 17:04, Patrick Wiseman wrote:
> > I have an AppImage from Creality which segfaults with a QT ssl
> > error. Googling tells me that the latest version of OpenSSL (3.x)
> > omits some X509 functionality, which can be found in OpenSSL-1.1.
> > (And someone reports that installing it solves the problem.) But I
> > can't find that package. Is there any way to revert to an earlier
> > version of OpenSSL? I'm on an up-to-date bookworm system.  
> 
> AppImages bundle all the libraries used by the application, so
> changing the "system" version of openssl probably won't work.

It sounds like you need to contact Creality to update the AppImage.
Although
https://forum.manjaro.org/t/creality-slicer-appimage-not-loading-qt-network-ssl-errors/143726
suggests that the AppImage does not contain the OpenSSL library.

But the only 'omission' of X.509 functionality that I can see on
https://www.openssl.org/news/openssl-3.0-notes.html is 
"X509 certificates signed using SHA1 are no longer allowed at security
level 1 or higher. The default security level for TLS is 1, so
certificates signed using SHA1 are by default no longer trusted to
authenticate servers or clients."

I'm not sure I'd want to be deliberately trying to undo a security
upgrade.



Re: Is it possible to downgrade openssl?

2023-07-29 Thread Eduardo M KALINOWSKI

On 28/07/2023 17:04, Patrick Wiseman wrote:
> I have an AppImage from Creality which segfaults with a QT ssl error.
> Googling tells me that the latest version of OpenSSL (3.x) omits some
> X509 functionality, which can be found in OpenSSL-1.1. (And someone
> reports that installing it solves the problem.) But I can't find that
> package. Is there any way to revert to an earlier version of OpenSSL?
> I'm on an up-to-date bookworm system.

AppImages bundle all the libraries used by the application, so changing
the "system" version of openssl probably won't work.




--
Eduardo M KALINOWSKI
edua...@kalinowski.com.br



Re: Is it possible to downgrade openssl?

2023-07-28 Thread Greg Wooledge
On Fri, Jul 28, 2023 at 09:10:08PM +0100, Brian wrote:
> On Fri 28 Jul 2023 at 16:04:10 -0400, Patrick Wiseman wrote:
> 
> > I have an AppImage from Creality which segfaults with a QT ssl error.
> > Googling tells me that the latest version of OpenSSL (3.x) omits some X509
> > functionality, which can be found in OpenSSL-1.1. (And someone reports that
> > installing it solves the problem.) But I can't find that package. Is there
> > any way to revert to an earlier version of OpenSSL? I'm on an up-to-date
> > bookworm system.
> 
> Install from https://snapshot.debian.org/.

Simply installing libssl1.1 is not going to change the dynamic libraries
used by installed programs.

ii  libssl1.0.2:amd64 1.0.2r-1~deb9u1  amd64 Secure Sockets Layer toolkit - shared libraries
ii  libssl1.1:amd64   1.1.1n-0+deb11u4 amd64 Secure Sockets Layer toolkit - shared libraries
ii  libssl1.1:i386    1.1.1n-0+deb11u4 i386  Secure Sockets Layer toolkit - shared libraries
ii  libssl3:amd64     3.0.9-1          amd64 Secure Sockets Layer toolkit - shared libraries
ii  libssl3:i386      3.0.9-1          i386  Secure Sockets Layer toolkit - shared libraries

If a program (e.g. /usr/bin/openssl) is dynamically linked against
libssl.so.3, then it's going to use libssl3, no matter how many older
versions of libssl with different sonames are installed.

If the issue is something like "libssl3 version 3.0.8-1 works, but
version 3.0.9-1 does not" then yeah, installing an older version of
libssl3 might work around the issue.
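
An added example, not part of the message above or of the thread: a shell script that reads the dynamic section of a binary and reports which OpenSSL sonames it requests and which Debian package provides each, which is the soname binding the message describes. The function names and the sample `readelf -d` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): which OpenSSL sonames does a binary request?

# Constructed sample of `readelf -d` output for a hypothetical binary.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)  Shared library: [libssl.so.3]
 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.3]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]
 0x000000000000000e (SONAME)  Library soname: [libssl.so.1.1]'

# Read `readelf -d` output on stdin; print libssl/libcrypto sonames from
# NEEDED entries only (a SONAME entry names the file itself, not a dependency).
needed_openssl_sonames() {
    awk '/\(NEEDED\)/ && match($0, /\[lib(ssl|crypto)\.so\.[0-9.]+\]/) {
        print substr($0, RSTART + 1, RLENGTH - 2)
    }'
}

# Map a soname to the Debian package name, following the naming visible in
# the dpkg listing above (libssl.so.3 -> libssl3; libcrypto ships with libssl).
soname_to_debian_package() {
    case "$1" in
        libssl.so.*|libcrypto.so.*) printf 'libssl%s\n' "${1#*.so.}" ;;
        *) return 1 ;;
    esac
}

# Report "soname -> package" for each OpenSSL dependency in readelf output on stdin.
report_openssl_deps() {
    needed_openssl_sonames | sort -u | while read -r soname; do
        printf '%s -> %s\n' "$soname" "$(soname_to_debian_package "$soname")"
    done
}

# With a path argument inspect that file; otherwise use the constructed sample.
if [ "$#" -gt 0 ]; then
    readelf -d "$1" | report_openssl_deps
else
    printf '%s\n' "$SAMPLE_DYNAMIC" | report_openssl_deps
fi
```

Libraries that a program opens at run time with dlopen() do not appear as NEEDED entries, so an empty result does not prove the binary never uses OpenSSL.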



Re: Is it possible to downgrade openssl?

2023-07-28 Thread Patrick Wiseman
On Fri, Jul 28, 2023, 4:10 PM Brian wrote:

> On Fri 28 Jul 2023 at 16:04:10 -0400, Patrick Wiseman wrote:
>
> > I have an AppImage from Creality which segfaults with a QT ssl error.
> > Googling tells me that the latest version of OpenSSL (3.x) omits some X509
> > functionality, which can be found in OpenSSL-1.1. (And someone reports that
> > installing it solves the problem.) But I can't find that package. Is there
> > any way to revert to an earlier version of OpenSSL? I'm on an up-to-date
> > bookworm system.
>
> Install from https://snapshot.debian.org/.
>

Thanks for the quick reply. I'll try that as soon as I get back to the box.

Patrick



Re: Is it possible to downgrade openssl?

2023-07-28 Thread Brian
On Fri 28 Jul 2023 at 16:04:10 -0400, Patrick Wiseman wrote:

> I have an AppImage from Creality which segfaults with a QT ssl error.
> Googling tells me that the latest version of OpenSSL (3.x) omits some X509
> functionality, which can be found in OpenSSL-1.1. (And someone reports that
> installing it solves the problem.) But I can't find that package. Is there
> any way to revert to an earlier version of OpenSSL? I'm on an up-to-date
> bookworm system.

Install from https://snapshot.debian.org/.

-- 
Brian.



Is it possible to downgrade openssl?

2023-07-28 Thread Patrick Wiseman
I have an AppImage from Creality which segfaults with a QT ssl error.
Googling tells me that the latest version of OpenSSL (3.x) omits some X509
functionality, which can be found in OpenSSL-1.1. (And someone reports that
installing it solves the problem.) But I can't find that package. Is there
any way to revert to an earlier version of OpenSSL? I'm on an up-to-date
bookworm system.

Thanks
Patrick