30 Jun
2022
30 Jun
'22
4:27 p.m.
Hi Slavek!
On Tuesday 14 of June 2022 10:04:17 Dr. Nikolaus Klepp
wrote:
...
Hi Nik,
the "WARNING: SSL_get_peer_certificate not defined!" message makes it aware
that this is related to the OpenSSL library update - the KSSL module
failed to find the necessary functions in the library.
This will require to check the compatibility of the new SSL library API and
make the necessary modifications in the code. Thank you for the warning!
Cheers
--
Slávek
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use
pop3 and smtp:
tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with
tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should
break, not the newer versions.
Nik
--
Please do not email me anything that you are not comfortable also sharing with the NSA,
CIA ...
3 Jul
3 Jul
5:38 a.m.
On 2022/07/01 01:27 AM, Dr. Nikolaus Klepp wrote:
Hi Slavek!
Hi Nik,
if you are able to build packages yourself, please try this PR and let me know if it works
for you.
Konqueror works fine now but not sure about kmail.
https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175
If you can't build your packages, then please wait this this PR is merged and new
packages are available. The problem is
indeed related to openSSL 3.0 being now in debian testing and changing some of their
API.
Cheers
Michele
On Tuesday 14 of June 2022 10:04:17 Dr. Nikolaus
Klepp wrote:
...
Hi Nik,
the "WARNING: SSL_get_peer_certificate not defined!" message makes it aware
that this is related to the OpenSSL library update - the KSSL module
failed to find the necessary functions in the library.
This will require to check the compatibility of the new SSL library API and
make the necessary modifications in the code. Thank you for the warning!
Cheers
--
Slávek
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use
pop3 and smtp:
tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with
tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should
break, not the newer versions.
Nik
7:42 a.m.
Anno domini 2022 Sun, 3 Jul 14:38:26 +0900
Michele Calgaro via tde-users scripsit:
On 2022/07/01 01:27 AM, Dr. Nikolaus Klepp wrote:
I can build for FreeBSD, but I never managed to do this for devuan :/
Hi Slavek!
Hi Nik,
if you are able to build packages yourself, please try this PR and let me know if it
works for you.
Konqueror works fine now but not sure about kmail.
https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175 On Tuesday 14 of June 2022 10:04:17 Dr. Nikolaus
Klepp wrote:
...
Hi Nik,
the "WARNING: SSL_get_peer_certificate not defined!" message makes it aware
that this is related to the OpenSSL library update - the KSSL module
failed to find the necessary functions in the library.
This will require to check the compatibility of the new SSL library API and
make the necessary modifications in the code. Thank you for the warning!
Cheers
--
Slávek
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use
pop3 and smtp:
tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with
tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should
break, not the newer versions.
Nik
If you can't build your packages, then please wait
this this PR is merged and new packages are available. The problem is
indeed related to openSSL 3.0 being now in debian testing and changing some of their API.
This is interesting. Why does the old version work, but not the new one? This is what I
get on my system with new openssl and old tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches
$ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Cheers
Michele
--
Please do not email me anything that you are not comfortable also sharing with the NSA,
CIA ...
7:55 a.m.
On 2022/07/03 04:42 PM, Dr. Nikolaus Klepp wrote:
This is interesting. Why does the old version work,
but not the new one? This is what I get on my system with new openssl and old tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches
$ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Hi Nik,
In openSSL 1.1 there is a function called "SSL_get_peer_certificate" which is
part of the public API.
In openSSL 3.0, "SSL_get_peer_certificate" is an alias to
SSL_get1_peer_certificate and the symbol is not exported in
libssl.so.3 ("SSL_get1_peer_certificate" is exported).
Prior to the mentioned PR, TDE was looking for "SSL_get_peer_certificate" and
could not find it if openSSL 3.0 was in use.
Therefore the old version worked, the newer one didn't.
Cheers
Michele
9:49 a.m.
Anno domini 2022 Sun, 3 Jul 16:55:22 +0900
Michele Calgaro via tde-users scripsit:
On 2022/07/03 04:42 PM, Dr. Nikolaus Klepp wrote:
Oh, I was unclear: tdelibs s640 works on my system with openSSL 3.0 (no openSSL 1.1).
tdelibs s641 and s642 do not work on the very system. That's what I find kind of odd.
Nik
This is interesting. Why does the old version
work, but not the new one? This is what I get on my system with new openssl and old
tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches
$ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0
/usr/lib/x86_64-linux-gnu/libssl.so
grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Hi Nik,
In openSSL 1.1 there is a function called "SSL_get_peer_certificate" which is
part of the public API.
In openSSL 3.0, "SSL_get_peer_certificate" is an alias to
SSL_get1_peer_certificate and the symbol is not exported in
libssl.so.3 ("SSL_get1_peer_certificate" is exported).
Prior to the mentioned PR, TDE was looking for "SSL_get_peer_certificate" and
could not find it if openSSL 3.0 was in use.
Therefore the old version worked, the newer one didn't.
Cheers
Michele
--
Please do not email me anything that you are not comfortable also sharing with the NSA,
CIA ...
11:30 a.m.
On 2022/07/03 06:49 PM, Dr. Nikolaus Klepp wrote:
Oh, I was unclear: tdelibs s640 works on my system
with openSSL 3.0 (no openSSL 1.1). tdelibs s641 and s642 do not work on the very system.
That's what I find kind of odd.
Nik
Uhm... that sounds a bit weird.
tdelibs 640 is from a commit on June 8. openssl 3.0 was migrated to debian testing on June
11.
I guess tdelibs 640 was still dependent on openssl 1.1 and therefore it worked fine, while
more recent versions of
tdelibs were dependent on openssl 3 and therefore didn't work anymore.
Cheers
Michele
4 Jul
4 Jul
12:31 a.m.
On Sunday 03 of July 2022 13:30:17 Michele Calgaro via tde-users wrote:
On 2022/07/03 06:49 PM, Dr. Nikolaus Klepp wrote:
Hi Nik,
yes, that's exactly as Michele says. And it is not weird at all, but
expected. Because in R14.1.0~pre have tdelibs (unwanted) fixed dependence
on libssl, for versions <= ~s640 there was hard linking on libssl1.1 (>=
1.1.0), while for newer builds there is hard linking on libssl3 (>= 3.0.0)
and therefore the problem of incomatility has manifested itself only with
newer builds. And Michele's patch solves this problem of incompatibility.
Cheers
--
Slávek
Oh, I was unclear: tdelibs s640 works on my
system with openSSL 3.0
(no openSSL 1.1). tdelibs s641 and s642 do not work on the very
system. That's what I find kind of odd.
Nik
Uhm... that sounds a bit weird.
tdelibs 640 is from a commit on June 8. openssl 3.0 was migrated to
debian testing on June 11. I guess tdelibs 640 was still dependent on
openssl 1.1 and therefore it worked fine, while more recent versions of
tdelibs were dependent on openssl 3 and therefore didn't work anymore.
Cheers
Michele
3 Jul
3 Jul
7:48 a.m.
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use
pop3 and smtp:
tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with
tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should
break, not the newer versions.
Nik
Hi Nik,
if you are able to build packages yourself, please try this PR and let me know if it
works for you.
Konqueror works fine now but not sure about kmail.
https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175
If you can't build your packages, then please wait this this PR is merged and new
packages are available. The problem is
indeed related to openSSL 3.0 being now in debian testing and changing some of their
API.
Cheers
Michele
5:48 p.m.
Hi Michele,
Anno domini 2022 Sun, 3 Jul 16:48:38 +0900
Michele Calgaro via tde-users scripsit:
Hi Nik,
PR was merged into the TDE code. The updated deb packages should be named
tdelibs-trinity_14.1.0~s643-0debian12.0.0+18~a_all.deb (when available), so please test
and let us know whether this
fixes the issue for kmail too (the error seemed to be exactly the same as Konqueror).
Just installed 643, rebooted and now kmail works again, thank you :)
Nik
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use
pop3 and smtp:
tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with
tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should
break, not the newer versions.
Nik
Hi Nik,
if you are able to build packages yourself, please try this PR and let me know if it
works for you.
Konqueror works fine now but not sure about kmail.
https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175
If you can't build your packages, then please wait this this PR is merged and new
packages are available. The problem is
indeed related to openSSL 3.0 being now in debian testing and changing some of their
API.
Cheers
Michele
Cheers
Michele
--
Please do not email me anything that you are not comfortable also sharing with the NSA,
CIA ...
29 Jul
29 Jul
9:04 p.m.
Hi all!
I'm not sure if this is related, but I have a non-working kmail again. Affected again
are pop3 and smtp. kmail displays this errormessage for all mail accounts:
"Could not connect to host Your POP3 server claims to support TLS but negotiation was
unsuccessful. You can disable TLS in TDE using the crypto settings module.."
.xsession-errors:
[2022/07/29 22:29:53.960] [tdeio_pop3] [6108] WARNING: TLS_client_method not defined!
[2022/07/29 22:29:53.960] [tdeio_pop3] [6108] WARNING: SSL_CTX_new not defined!
[2022/07/29 22:29:53.997] [tdeio_pop3] [6108] WARNING: TLS_client_method not defined!
[2022/07/29 22:29:53.997] [tdeio_pop3] [6108] WARNING: SSL_CTX_new not defined!
The problem appeared in the last tde updates that pulled in these packages:
tdebase-tdeio-plugins-trinity_4%3a14.1.0~s965-0debian12.0.0+22~a_amd64.deb
tdebase-tdeio-plugins-trinity_4%3a14.1.0~s971-0debian12.0.0+22~a_amd64.deb
kmail on a second computer that runs a slightly older version
tdebase-tdeio-plugins-trinity_4%3a14.1.0~s962-0debian12.0.0+21~a_amd64.deb works as
expected, but reverting to said version on the forst machine does not solve the problem.
Anything I can do?
Nik
Anno domini 2022 Mon, 4 Jul 10:59:03 +0900
Michele Calgaro via tde-users scripsit:
On 2022/07/04 02:48 AM, Dr. Nikolaus Klepp wrote:
--
Please do not email me anything that you are not comfortable also sharing with the NSA,
CIA ...
Just installed 643, rebooted and now kmail works
again, thank you:)
Nik
Hi Nik,
Great, thanks for confirming that it is all good now :-)
Cheers
Michele
976
days inactive
1005
days old
10 comments
3 participants
participants (3)
-
Dr. Nikolaus Klepp -
Michele Calgaro -
Slávek Banko