3 Jul
2022
3 Jul
'22
9:49 a.m.
Anno domini 2022 Sun, 3 Jul 16:55:22 +0900
Michele Calgaro via tde-users scripsit:
On 2022/07/03 04:42 PM, Dr. Nikolaus Klepp wrote:
Oh, I was unclear: tdelibs s640 works on my system with openSSL 3.0 (no openSSL 1.1).
tdelibs s641 and s642 do not work on the very system. That's what I find kind of odd.
Nik
This is interesting. Why does the old version
work, but not the new one? This is what I get on my system with new openssl and old
tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches
$ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Hi Nik,
In openSSL 1.1 there is a function called "SSL_get_peer_certificate" which is
part of the public API.
In openSSL 3.0, "SSL_get_peer_certificate" is an alias to
SSL_get1_peer_certificate and the symbol is not exported in
libssl.so.3 ("SSL_get1_peer_certificate" is exported).
Prior to the mentioned PR, TDE was looking for "SSL_get_peer_certificate" and
could not find it if openSSL 3.0 was in use.
Therefore the old version worked, the newer one didn't.
Cheers
Michele
--
Please do not email me anything that you are not comfortable also sharing with the NSA,
CIA ...