Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openssl (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2055304
Title:
Right, that was with curl and wget from Ubuntu archive. I got some
documentation finally, to set up the corporate client and the ssl
connection works basically.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
There are several reasons a program can skip loading the openssl
configuration unfortunately: env vars pointing to another file, apparmor
preventing loading, library initilization skipping it, ...
Is the program that ignores the openssl configuration file in the Ubuntu
archive? Or public?
--
Actually, it seems that most programs ignore the openssl.cnf anyway for
security(?) reasons. Played a bit with MinTlsVersion and it did not
change the request which is being sent. Luckily I could ask the DevOps
for the nginx versions used and they have versions with the openssl 3
fix; that comes
Thanks for continued investigation.
A reproducer would be valuable as it would allow me to verify
independently the patch is effective, within the limits of the
understanding of the situation of course and that can be especially
time-consuming when not having access to the remote server. :/
A
Hi Adrien, this is some corporate setup with Zscaler proxy and nginx
servers or reverse-proxies inbetween. I cannot say for sure how exactly
the servers are setup. The patch just adds the possiblity to set the
IgnoreUnexpectedEOF option to the config file by user. The config file
itself I would
The attachment "Add IgnoreUnexpectedEOF as configuration option for
3.0.2-0ubuntu1.15" seems to be a patch. If it isn't, please remove the
"patch" flag from the attachment, remove the "patch" tag, and if you are
a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated
Thanks for the report. I am reluctant to backport this as I'm not sure
it makes a lot of sense system-wide. Curl upstream didn't seem happy
with enabling this work-around even in 2021. It seems the reason to
integrate this would be to be able to ignore this despite curl not
ignoring it nor
