The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release
** Changed in: openssl (Ubuntu Precise)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: openssl
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately close the connection if
Workaround for PHP to make it work need to disable SSL check by adding
this params to SoapClient
stream_context = stream_context_create(
array(
'ssl' = array(
'verify_peer' = false,
'verify_peer_name' = false,
)
)
** Changed in: openssl (Ubuntu Precise)
Assignee: Colin Watson (cjwatson) = (unassigned)
** Changed in: openssl (Ubuntu Precise)
Milestone: ubuntu-12.04 = None
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Nevermind. I installed Ubuntu 13.04 and now everything works fine (ran
successfully my scripts using the pre-installed Python 3.3). Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
Hello! I'd like to know if there's a workaround for Python 3.2. I have
searched the entire web for the past days and I haven't found a
straightforward answer to my problem.
The only thing I know is that Python 3.4 tackles the problem (but it is
still in beta).
WHAT'S NEW IN PYTHON 3.4
Is anyone aware of a workaround to make Python's urllib/urllib2 use
tls1?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately close the
@chrisspen: Python workaround
import httplib
import socket
import ssl
def connect(self):
Connect to a host on a given (SSL) port.
sock = socket.create_connection((self.host, self.port),
self.timeout, self.source_address)
if self._tunnel_host:
Thanks Edward. Now I'm getting a BadStatusLine error, but that might be
caused by a different problem.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which
This is happening when connecting to SoftLayer as well. I've filed a bug
with them here: https://github.com/softlayer/softlayer-object-storage-
python/issues/17
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug's scope is definitely wider than PHP and Python. The simple
fix is to disable TLS 1.1. This would provide a real fix to a real
problem; on the other hand, it would create a theoretical problem with
a protocol that isn't even universally supported and isn't required
anywhere. Until this
It appears now I've been bitten by this bug in Apache. I run a pair of
reverse proxy servers on 12.04 using Apache. I built these servers last
year and they were working fine up until last week when I ran a dist-
upgrade to update some packages (specifically apache2 and openssl) to
clear up some
Lately I've been getting more comments calling me a lifesaver[1] for
posting a workaround related to this bug; it's obviously getting more
attention as more people get up to date. Maybe it's time for one of us to
climb upstream and bang on some patches?
[1]
@bradley-will: I appreciate the helpful suggestion, but the PHP libs I
am interested in are not in any way related to SOAP or PHP's
implementation of SoapClient.
The thing I'm interested in is LDAP. There is a chain of libraries that
PHP uses to get LDAPS working.
PHP - uses OpenLDAP - which
This bug still exists in 12.04. My understanding of the technical
details of this bug is a bit shallow, so some of my questions, below,
may reflect that.
It affects other libraries which use or are recompiled against this
library.
In my case, I am having an issue with the OpenLDAP libs which
Thanks to blueskirt3k.
The workaround in
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/comments/9
works for my application using Python 2.7 on 12.10.
I changed /usr/lib/python2.7/httplib.py accordingly.
--
You received this bug notification because you are a member of Ubuntu
this seems to be related:
http://rt.openssl.org/Ticket/Display.html?id=2811
Changes between 1.0.1c and 1.0.1d [xx XXX ]
*) Fix possible deadlock when decoding public keys.
[Steve Henson]
*) Don't use TLS 1.0 record version number in initial client hello
if renegotiating.
I have replaced my calls to
$content = file_get_contents($url);
with a curl call...
$curl = curl_init($url);
if (is_resource($curl) === true)
{
curl_setopt($curl, CURLOPT_FAILONERROR, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
Those having problems with repo upload on Gerrit can workaround the
bug by doing a change similar to comment #9 but using
ssl_version=ssl.PROTOCOL_SSLv3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Are there any plans on fixing this issue? I have a new Nagios server I
am trying to get all setup and can't get it completed until this fix is
implemented. I tried the editing of the python file but it does not seem
to work for my nagios plugin to monitor osx server services. This is an
LTS
No, there are no current plans on fixing this issue. This is an issue
with certain servers that don't support tls 1.1 negotiation. Please
either update your server, or disable tls 1.1 in your client.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
This is an LTS release, as such it is very important that TLS 1.1
support remain enabled.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately
KillerKellerjr are you refering to http://code.google.com/p/libsrvrmgrd-
osx/ ? That's my plugin. I've had someone edit the file to fix the issue
http://code.google.com/p/libsrvrmgrd-osx/issues/detail?id=16
If you want to join in to that bug I can try help you there...
Marc, I think the issue is
Congratulations, all! This consumed ~20 hours of time isolating and
fixing a bug in what's supposed to be 6-month-old LTS release. I see
it's supposedly got a fix released and triaged, but the milestone is 6
months old and Colin doesn't seem sure if this is still an issue. I can
confirm it is on
This affects me too.
AquaQuieta seems to suggest a good interim solution. I'm surprised
openssl.cnf doesn't already allow this functionality.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Like the bug says:
openssl s_client -connect soap.example.org:443
fails because Secure Renegotiation IS NOT supported
but I can connect with :
openssl s_client -tls1 -connect soap.example.org:443
Unfortunately, this doesn't help me at all. I have a PHP script using
SoapClient, and although
Don't now if it's related or not (but it seems).
Our 12.04.1 server up-to-date can't connect to graph.facebook.com :
$ curl -v https://graph.facebook.com/oauth/access_token
* About to connect() to graph.facebook.com port 443 (#0)
* Trying 69.63.189.71... connected
* successfully set
This bug stops gerrit 2.4.2 from working on 12.04. I receive the error:
urlopen error [Errno 8] _ssl.c:504: EOF occurred in violation of
protocol
(posted due to the slight variation in line number)
I have tried updating to the 1.0.1-4ubuntu5.5 proposed package, but that
doesn't help.
--
You
gerrit 2.4.2 with the repo command still fails with the upstream Debian
package of libssl1.0.0_1.0.1c-4_amd64.deb and openssl_1.0.1c-4_amd64.deb
I also tried the 1.0.1-4ubuntu3 packages and they don't work for this
either.
Does this mean gerrit is broken or the apache in ubuntu 12.04 or both?
--
For Wine, https://github.com/miurahr/wine/commits/wininet-submit and
http://bugs.winehq.org/show_bug.cgi?id=30598 may help. I'm also using
Evernote and can use it now with my patch.
I proposed disabling TLS1.1/1.2 by defaut in Wine as same behavior as Windows
and support switch to enable it.
Manually installing Quantal packages on Precise do not fix the issue
with Evernote not being able to connect to the server.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS
+1 Adam
I really can't understand why is there still no response or activity
from the Ubuntu team? This is really astounding that we haven't had this
addressed, to Adam's point, you don't want to break the experience of
users trying to upgrade...
I've commented here, I've emailed the Bug owner
The server is at fault for failing to negotiate correctly.
However, from the user experience perspective, the problem happens
because of upgrading Ubuntu. The problem doesn't exist in Oneiric. The
problem does exist in Oneiric. Also, Precise is a Long Term Support
release. LTS releases are
Fixed in quantal with recent syncs with Debian
** Changed in: openssl (Ubuntu)
Status: Triaged = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail
** Changed in: openssl (Ubuntu)
Milestone: ubuntu-12.04 = None
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately close the connection if
Just to clarify, www.mediafire.com port 443 still fails in quantal, but
as has been suggested before, this is the server's problem by crashing
the connection rather than backward negotiating it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
I've long wondered how to escalate important bugs that are neglected.
My best guess would be to choose some responsive Ubuntu maintainers or
project leaders and subscribe them to the bug, but I suppose that could
end up annoying some people who can't do anything about it.
Frankly, I think Bug #1
I wrote to Colin about this, but I haven't received a response.
Does anyone know if we can escalate this to someone else at Ubuntu?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
In Ubuntu 11.10, Evernote works correctly in Wine. In Ubuntu 12.04, it
fails to sync because of this bug:
err:wininet:NETCON_secure_connect SSL_connect failed: 12157
According to
https://groups.google.com/d/msg/mailing.postfix.users/75pH1hGb1P8/bw_P6V5U_boJ:
The OpenSSL API does not provide an
Here is a thread on Evernote's developer forum about this bug:
http://discussion.evernote.com/topic/26872-ssl-issue-with-evernotes-
servers/ On June 11, an Evernote developer said they were aware of the
issue. No fix yet.
--
You received this bug notification because you are a member of Ubuntu
So the whole world is moving to TLS 1.1 and 1.2, and Evernote's server
isn't compatible. How is this a Ubuntu bug?
What do you propose we do? Disable TLS 1.1 and 1.2, which will prevent
Ubuntu from working with newer sites that will start requiring it, just
to fix Evernote's broken server?
--
I think it is important to point out that Evernote is not the only issue
here. I am having problems with the new OpenSSL and connecting to at
least one credit processing gateway (Try and get banking systems to
update their SSL implementations). Here is a link to a simple ruby
script that is
@Jeff: Your ruby script works for me on precise with the openssl version
in -proposed. I think you have a different issue that was fixed with the
openssl update.
mdeslaur@mdlinux:/tmp$ ruby https_get.rb
opening connection to secure.mmoagateway.com...
opened
- POST /api/transact.php
Actually, it's working for me with the openssl version that released
with precise, as well as the version currently in -updates.
@Jeff: what version is your script failing on?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Here is a my warkaround patch for evernote's thrift lib (python2.7, ubuntu
12.04)
http://goo.gl/N0KIm
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which
Another server this fails for is Google Appengine. If Ubuntu aren't
going to fix openssl then please at least change Python standard
libraries to work around it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
On Sat, Jul 7, 2012 at 8:50 AM, Marc Deslauriers
marc.deslauri...@canonical.com wrote:
So the whole world is moving to TLS 1.1 and 1.2, and Evernote's server
isn't compatible. How is this a Ubuntu bug?
I'm no expert on TLS, but surely it's an exaggeration to say that the
whole world is moving
@Marc One distinction that I forgot to mention is that I am using ruby
1.9.2 (from either rbenv or rvm). Here are the following situations
where the script works and fails.
Ubuntu 12.04 + openssl in updates + stock ruby 1.8.7: Pass
Ubuntu 12.04 + openssl in updates + compiled ruby 1.9.3: Fail
Kiril: where do you put this?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately close the connection if
TLS 1.1 negotiation is attempted,
If you use Evernote API or other service that requires TLSv1, you can use next
monkey patch http://pastebin.com/PdfQAJQ8 and call it like:
from opensslpatch import HTTPSConnection
http.client.HTTPSConnection = HTTPSConnection
I apologize if it was the obvious solution, but one man ask me how to
I see from some of the comments that this is the Evernote Can't connect
to server bug. Is that so? Will there be a fix released soon - it
seems progress has stalled on this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The upstream Debian bug is fixed.
Is there an ETA for an Ubuntu release with this fix?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately
Anyone knows a way to downgrade only openssl without breaking things and
without having to downgrade to 11.10? This is not an option for me,
unfortunely, and I really need this program.
2012/5/27 Jaakko 965...@bugs.launchpad.net
Any progress on this? The bug is still present in Ubuntu 12.04.
Any progress on this? The bug is still present in Ubuntu 12.04.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately close the connection if
** Summary changed:
- HTTPS requests fail on some sites on Ubuntu 12.04
+ HTTPS requests fail on sites which immediately close the connection if TLS
1.1 negotiation is attempted, on Ubuntu 12.04
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
55 matches
Mail list logo
