Hi Slavek!
On Tuesday 14 of June 2022 10:04:17 Dr. Nikolaus Klepp wrote: ...
Hi Nik,
the "WARNING: SSL_get_peer_certificate not defined!" message makes it aware that this is related to the OpenSSL library update - the KSSL module failed to find the necessary functions in the library.
This will require to check the compatibility of the new SSL library API and make the necessary modifications in the code. Thank you for the warning!
Cheers
Slávek
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use pop3 and smtp: tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should break, not the newer versions.
Nik
On 2022/07/01 01:27 AM, Dr. Nikolaus Klepp wrote:
Hi Slavek!
On Tuesday 14 of June 2022 10:04:17 Dr. Nikolaus Klepp wrote: ...
Hi Nik,
the "WARNING: SSL_get_peer_certificate not defined!" message makes it aware that this is related to the OpenSSL library update - the KSSL module failed to find the necessary functions in the library.
This will require to check the compatibility of the new SSL library API and make the necessary modifications in the code. Thank you for the warning!
Cheers
Slávek
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use pop3 and smtp: tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should break, not the newer versions.
Nik
Hi Nik, if you are able to build packages yourself, please try this PR and let me know if it works for you. Konqueror works fine now but not sure about kmail. https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175
If you can't build your packages, then please wait this this PR is merged and new packages are available. The problem is indeed related to openSSL 3.0 being now in debian testing and changing some of their API.
Cheers Michele
Anno domini 2022 Sun, 3 Jul 14:38:26 +0900 Michele Calgaro via tde-users scripsit:
On 2022/07/01 01:27 AM, Dr. Nikolaus Klepp wrote:
Hi Slavek!
On Tuesday 14 of June 2022 10:04:17 Dr. Nikolaus Klepp wrote: ...
Hi Nik,
the "WARNING: SSL_get_peer_certificate not defined!" message makes it aware that this is related to the OpenSSL library update - the KSSL module failed to find the necessary functions in the library.
This will require to check the compatibility of the new SSL library API and make the necessary modifications in the code. Thank you for the warning!
Cheers
Slávek
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use pop3 and smtp: tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should break, not the newer versions.
Nik
Hi Nik, if you are able to build packages yourself, please try this PR and let me know if it works for you. Konqueror works fine now but not sure about kmail. https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175
I can build for FreeBSD, but I never managed to do this for devuan :/
If you can't build your packages, then please wait this this PR is merged and new packages are available. The problem is indeed related to openSSL 3.0 being now in debian testing and changing some of their API.
This is interesting. Why does the old version work, but not the new one? This is what I get on my system with new openssl and old tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0 /usr/lib/x86_64-linux-gnu/libssl.so grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches $ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0 /usr/lib/x86_64-linux-gnu/libssl.so grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Cheers Michele
On 2022/07/03 04:42 PM, Dr. Nikolaus Klepp wrote:
This is interesting. Why does the old version work, but not the new one? This is what I get on my system with new openssl and old tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0 /usr/lib/x86_64-linux-gnu/libssl.so grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches $ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0 /usr/lib/x86_64-linux-gnu/libssl.so grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Hi Nik, In openSSL 1.1 there is a function called "SSL_get_peer_certificate" which is part of the public API. In openSSL 3.0, "SSL_get_peer_certificate" is an alias to SSL_get1_peer_certificate and the symbol is not exported in libssl.so.3 ("SSL_get1_peer_certificate" is exported). Prior to the mentioned PR, TDE was looking for "SSL_get_peer_certificate" and could not find it if openSSL 3.0 was in use. Therefore the old version worked, the newer one didn't.
Cheers Michele
Anno domini 2022 Sun, 3 Jul 16:55:22 +0900 Michele Calgaro via tde-users scripsit:
On 2022/07/03 04:42 PM, Dr. Nikolaus Klepp wrote:
This is interesting. Why does the old version work, but not the new one? This is what I get on my system with new openssl and old tdelibs:
$ fgrep "SSL_get_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0 /usr/lib/x86_64-linux-gnu/libssl.so grep: /opt/trinity/lib/libtdeio.so.14.0.0: binary file matches $ fgrep "SSL_get1_peer_certificate" /opt/trinity/lib/libtdeio.so.14.0.0 /usr/lib/x86_64-linux-gnu/libssl.so grep: /usr/lib/x86_64-linux-gnu/libssl.so: binary file matches
Now kmail works, but it should not, should it?
Nik
Hi Nik, In openSSL 1.1 there is a function called "SSL_get_peer_certificate" which is part of the public API. In openSSL 3.0, "SSL_get_peer_certificate" is an alias to SSL_get1_peer_certificate and the symbol is not exported in libssl.so.3 ("SSL_get1_peer_certificate" is exported). Prior to the mentioned PR, TDE was looking for "SSL_get_peer_certificate" and could not find it if openSSL 3.0 was in use. Therefore the old version worked, the newer one didn't.
Oh, I was unclear: tdelibs s640 works on my system with openSSL 3.0 (no openSSL 1.1). tdelibs s641 and s642 do not work on the very system. That's what I find kind of odd.
Nik
Cheers Michele
-- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...
On 2022/07/03 06:49 PM, Dr. Nikolaus Klepp wrote:
Oh, I was unclear: tdelibs s640 works on my system with openSSL 3.0 (no openSSL 1.1). tdelibs s641 and s642 do not work on the very system. That's what I find kind of odd.
Nik
Uhm... that sounds a bit weird. tdelibs 640 is from a commit on June 8. openssl 3.0 was migrated to debian testing on June 11. I guess tdelibs 640 was still dependent on openssl 1.1 and therefore it worked fine, while more recent versions of tdelibs were dependent on openssl 3 and therefore didn't work anymore.
Cheers Michele
On Sunday 03 of July 2022 13:30:17 Michele Calgaro via tde-users wrote:
On 2022/07/03 06:49 PM, Dr. Nikolaus Klepp wrote:
Oh, I was unclear: tdelibs s640 works on my system with openSSL 3.0 (no openSSL 1.1). tdelibs s641 and s642 do not work on the very system. That's what I find kind of odd.
Nik
Uhm... that sounds a bit weird. tdelibs 640 is from a commit on June 8. openssl 3.0 was migrated to debian testing on June 11. I guess tdelibs 640 was still dependent on openssl 1.1 and therefore it worked fine, while more recent versions of tdelibs were dependent on openssl 3 and therefore didn't work anymore.
Cheers Michele
Hi Nik,
yes, that's exactly as Michele says. And it is not weird at all, but expected. Because in R14.1.0~pre have tdelibs (unwanted) fixed dependence on libssl, for versions <= ~s640 there was hard linking on libssl1.1 (>= 1.1.0), while for newer builds there is hard linking on libssl3 (>= 3.0.0) and therefore the problem of incomatility has manifested itself only with newer builds. And Michele's patch solves this problem of incompatibility.
Cheers
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use pop3 and smtp: tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should break, not the newer versions.
Nik
Hi Nik, if you are able to build packages yourself, please try this PR and let me know if it works for you. Konqueror works fine now but not sure about kmail. https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175
If you can't build your packages, then please wait this this PR is merged and new packages are available. The problem is indeed related to openSSL 3.0 being now in debian testing and changing some of their API.
Cheers Michele
Hi Nik, PR was merged into the TDE code. The updated deb packages should be named tdelibs-trinity_14.1.0~s643-0debian12.0.0+18~a_all.deb (when available), so please test and let us know whether this fixes the issue for kmail too (the error seemed to be exactly the same as Konqueror).
Cheers Michele
Hi Michele,
Anno domini 2022 Sun, 3 Jul 16:48:38 +0900 Michele Calgaro via tde-users scripsit:
(Looks like some mails didn't make it to the list.)
This is the last version of tdelibs14-trinity that results in kmail beeing able to use pop3 and smtp: tdelibs14-trinity_4%3a14.1.0~s640-0debian12.0.0+18~a_amd64.deb
All newer versions break. I just tried with tdelibs-trinity_4%3a14.1.0~s642-0debian12.0.0+18~a_all.deb
IMO the OpenSSL update has nothing to do with it, otherwise the older versions should break, not the newer versions.
Nik
Hi Nik, if you are able to build packages yourself, please try this PR and let me know if it works for you. Konqueror works fine now but not sure about kmail. https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/pulls/175
If you can't build your packages, then please wait this this PR is merged and new packages are available. The problem is indeed related to openSSL 3.0 being now in debian testing and changing some of their API.
Cheers Michele
Hi Nik, PR was merged into the TDE code. The updated deb packages should be named tdelibs-trinity_14.1.0~s643-0debian12.0.0+18~a_all.deb (when available), so please test and let us know whether this fixes the issue for kmail too (the error seemed to be exactly the same as Konqueror).
Just installed 643, rebooted and now kmail works again, thank you :)
Nik
Cheers Michele
Hi all!
I'm not sure if this is related, but I have a non-working kmail again. Affected again are pop3 and smtp. kmail displays this errormessage for all mail accounts:
"Could not connect to host Your POP3 server claims to support TLS but negotiation was unsuccessful. You can disable TLS in TDE using the crypto settings module.."
.xsession-errors:
[2022/07/29 22:29:53.960] [tdeio_pop3] [6108] WARNING: TLS_client_method not defined! [2022/07/29 22:29:53.960] [tdeio_pop3] [6108] WARNING: SSL_CTX_new not defined! [2022/07/29 22:29:53.997] [tdeio_pop3] [6108] WARNING: TLS_client_method not defined! [2022/07/29 22:29:53.997] [tdeio_pop3] [6108] WARNING: SSL_CTX_new not defined!
The problem appeared in the last tde updates that pulled in these packages: tdebase-tdeio-plugins-trinity_4%3a14.1.0~s965-0debian12.0.0+22~a_amd64.deb tdebase-tdeio-plugins-trinity_4%3a14.1.0~s971-0debian12.0.0+22~a_amd64.deb
kmail on a second computer that runs a slightly older version tdebase-tdeio-plugins-trinity_4%3a14.1.0~s962-0debian12.0.0+21~a_amd64.deb works as expected, but reverting to said version on the forst machine does not solve the problem.
Anything I can do?
Nik
Anno domini 2022 Mon, 4 Jul 10:59:03 +0900 Michele Calgaro via tde-users scripsit:
On 2022/07/04 02:48 AM, Dr. Nikolaus Klepp wrote:
Just installed 643, rebooted and now kmail works again, thank you:)
Nik
Hi Nik, Great, thanks for confirming that it is all good now :-) Cheers Michele
-- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...
-
Dr. Nikolaus Klepp -
Michele Calgaro -
Slávek Banko