On 2022/07/03 04:42 PM, Dr. Nikolaus Klepp wrote:
This is interesting. Why does the old version work,
but not the new one? This is what I get on my system with new openssl and old tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches
$ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Hi Nik,
In OpenSSL 1.1 there is a function called "SSL_get_peer_certificate" which is
part of the public API.
In OpenSSL 3.0, "SSL_get_peer_certificate" is an alias for
SSL_get1_peer_certificate and the symbol is not exported in
libssl.so.3 ("SSL_get1_peer_certificate" is exported).
Prior to the mentioned PR, TDE was looking for "SSL_get_peer_certificate" and
could not find it if OpenSSL 3.0 was in use.
Therefore the old version worked, the newer one didn't.
Cheers
Michele
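
The lookup described in this thread, as an added example that is not part of the original messages and is not TDE's code: it asks the dynamic loader, rather than fgrep, which of the two names a libssl really exports, and falls back from the OpenSSL 3.0 name to the 1.1 name. The helper names (exported, resolve_first, load_libssl) are hypothetical.

```python
import ctypes
import ctypes.util

# Newest name first: per the thread, libssl.so.3 exports only
# SSL_get1_peer_certificate, while OpenSSL 1.1 exports SSL_get_peer_certificate.
PEER_CERT_NAMES = ("SSL_get1_peer_certificate", "SSL_get_peer_certificate")


def exported(lib, name):
    """Return True if `name` resolves as a dynamic symbol in `lib`."""
    try:
        getattr(lib, name)  # ctypes performs a dlsym()-style lookup here
        return True
    except AttributeError:  # raised when the loader cannot find the symbol
        return False


def resolve_first(lib, names):
    """Return (name, function) for the first exported name, else (None, None)."""
    for name in names:
        if exported(lib, name):
            return name, getattr(lib, name)
    return None, None


def load_libssl():
    """Load the system libssl, or return None if it cannot be located."""
    path = ctypes.util.find_library("ssl")
    if path is None:
        return None
    try:
        return ctypes.CDLL(path)
    except OSError:
        return None


if __name__ == "__main__":
    ssl_lib = load_libssl()
    if ssl_lib is None:
        print("libssl not found on this system")
    else:
        for candidate in PEER_CERT_NAMES:
            print(candidate, "exported" if exported(ssl_lib, candidate) else "missing")
        chosen, _ = resolve_first(ssl_lib, PEER_CERT_NAMES)
        print("a runtime loader should bind:", chosen)
```

A plain fgrep on the .so matches any occurrence of the string in the file, including a name the library only stores as text to look up later, so it cannot tell whether the symbol is exported; the loader lookup above can.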