Bug#701826: marked as done (libssl1.0.0: "handshake failure" messages with openconnect)

Debian Bug Tracking System Mon, 18 Mar 2013 14:06:25 -0700

Your message dated Mon, 18 Mar 2013 21:03:53 +0000
with message-id <[email protected]>
and subject line Bug#701826: fixed in openssl 1.0.1e-2
has caused the Debian Bug report #701826,
regarding libssl1.0.0: "handshake failure" messages with openconnect
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
701826: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701826
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libssl1.0.0
Version: 1.0.1e-1
Severity: normal

After upgrading libssl1.0.0 from 1.0.1c-4 to 1.0.1e-1, using the
openconnect VPN client (version 3.20-3, both before and after the
openssl upgrade) produces many of these messages, about one pair per
minute:

Feb 27 09:08:52 asenath openconnect[4692]: DTLS handshake failed: 1
Feb 27 09:08:52 asenath openconnect[4692]: 140011978094248:error:14102410:SSL 
routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert 
number 40

Within the first minute after starting openconnect, I also see one like
this, which doesn't recur:

Feb 27 09:07:50 asenath openconnect[4692]: DTLS handshake failed: 2

None of these appeared before this upgrade. 

I don't see any impact on openconnect's actual functionality, so it
appears to retry in some manner more acceptable to openssl.

It is, of course, possible that the openssl change is perfectly correct,
and that this bug should be reassigned to openconnect for a
"compatibility catch-up" change.


-- System Information:
Debian Release: 7.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libssl1.0.0 depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  libc6                  2.13-38
ii  multiarch-support      2.13-38
ii  zlib1g                 1:1.2.7.dfsg-13

libssl1.0.0 recommends no packages.

libssl1.0.0 suggests no packages.

-- debconf information:
  libssl1.0.0/restart-failed:
* libssl1.0.0/restart-services:

--- End Message ---

--- Begin Message ---

Source: openssl
Source-Version: 1.0.1e-2

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Mar 2013 20:37:11 +0100
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc 
libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1e-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 678353 699692 701826 701868 702635 703031
Changes: 
 openssl (1.0.1e-2) unstable; urgency=high
 .
   * Bump shlibs.  It's needed for the udeb.
   * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
   * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, 
#678353)
   * Fix problem with DTLS version check (Closes: #701826)
   * Fix segfault in SSL_get_certificate (Closes: #703031)
Checksums-Sha1: 
 db5b2f5254177fd10516418f5aded10e41238584 2200 openssl_1.0.1e-2.dsc
 79aab42004fe748d787f350b696c97052d9844aa 92251 openssl_1.0.1e-2.debian.tar.gz
 a7db079df4c769b67dbd5596a0e12adaf297c828 1200002 libssl-doc_1.0.1e-2_all.deb
 c3e6d0bdf6164e3e518c9af7e6ff08561773b5f9 699076 openssl_1.0.1e-2_amd64.deb
 82a3e215f953998c48e203627141ec62af447aac 1218956 libssl1.0.0_1.0.1e-2_amd64.deb
 6509fcf58f0f98eecb6972e39d7e44bb66da1cd6 605098 
libcrypto1.0.0-udeb_1.0.1e-2_amd64.udeb
 01def5b417c11f3ce6e164a9063c1c5cbf8bc2a8 1705096 libssl-dev_1.0.1e-2_amd64.deb
 b069075875842f52f3cab26635201400c474ae86 3015378 
libssl1.0.0-dbg_1.0.1e-2_amd64.deb
Checksums-Sha256: 
 86aa7e7bc7d048d2ebb98fcbbdb01d06a05f457c9c68a562cbe4b144656d6cae 2200 
openssl_1.0.1e-2.dsc
 878e82daa896ef1db74f6cc6b6c4ce29d34b0add8f92fae91f84e533920c3b08 92251 
openssl_1.0.1e-2.debian.tar.gz
 45c9c36d33a147fd35ebef984f7f3401bfd7b83531844f30e4c90fb29fb93bf5 1200002 
libssl-doc_1.0.1e-2_all.deb
 13628ca20e97451494ac1132c0ba7ec6f3f9b56071b38df429eaaa5f37afe2c1 699076 
openssl_1.0.1e-2_amd64.deb
 972b929a114764c8da4adceac6151004ad3a69eb55316c688fa5b3e53b2dd626 1218956 
libssl1.0.0_1.0.1e-2_amd64.deb
 e1953379849a16ef11d7487133dd19098f04b1fc4f775f6210d2544a8b9c6f65 605098 
libcrypto1.0.0-udeb_1.0.1e-2_amd64.udeb
 6b05d5c3ae00b8e9c0cab78e5f4961d90e5359e6354a15e1ac91472bcf05d973 1705096 
libssl-dev_1.0.1e-2_amd64.deb
 a72311458460461937ed9264a839612183f35c44b8575e7324d34396b4ca2e54 3015378 
libssl1.0.0-dbg_1.0.1e-2_amd64.deb
Files: 
 197d7f46f2024a53c945c0dab1965e07 2200 utils optional openssl_1.0.1e-2.dsc
 efa47a7fb3d60798ac95d58776a3f0c7 92251 utils optional 
openssl_1.0.1e-2.debian.tar.gz
 7e8bec78d61c659eaba9480bfffe69b9 1200002 doc optional 
libssl-doc_1.0.1e-2_all.deb
 02e83e4a9c6284db8f5eee963ccf8a6b 699076 utils optional 
openssl_1.0.1e-2_amd64.deb
 4f16d78441d83f9da09be71f0eca09fa 1218956 libs important 
libssl1.0.0_1.0.1e-2_amd64.deb
 6864b5ac478d12fa3e9f9b1484c833bf 605098 debian-installer optional 
libcrypto1.0.0-udeb_1.0.1e-2_amd64.udeb
 082832d40ca3c858e0b668f54ecf9098 1705096 libdevel optional 
libssl-dev_1.0.1e-2_amd64.deb
 d43f4f7c37524a4165965e8407c720d2 3015378 debug extra 
libssl1.0.0-dbg_1.0.1e-2_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRR3AkAAoJEKGfLDAaVSLd5/wP/RqXQ7V6onckGb2VgMwo/bJz
GjtNmc2rWm4+Gqn7KfgWb27vygnVrv9KzXZCEHbUxfRXDS7x7gKE2m7IOWFGL6vG
T9kd1zAX5j2w2w+Nb5wCfGawdKxzr8fGFUwwgF5k6fhdyzZSZXD4y8yA4ys7DQ71
pUzmDDNojA0RoJdPyW2kUG5VW0Sz/XtfzRF/dlpkD+VVLVtPsrZd++7TWssKFEjL
Iq0SvBwb7j5oZRFJK45KNz0eWFS6yYP1t83J2Qdg7mzwsJi4IrLHRD0U6nRQ8xdE
jKJOrnZBJa4aUR8VQnuyAL42XXzi+leDCSUD1oecEuH89kIv/S2CAmP28ZVhcnl4
Czw3BOsv7ftEw6KreJ9rlF1+VRLmG/wvAIsw1gz8zrL7ZUXYX6HXintrwjHosE8i
Z0lDWhsAS5ZobB0SZViM4fMWzVQla1krIvC9E/e3Ys38Ko3QkJ3dSEjw5grEmgoi
jQPR1ctPlwg2MZ55BWDAGMjct589LqF+hYD2g5SuRWpL3XnwAgx1Fnrlh8JzNv9f
Cq35HVUCRB96qAJAP3fCSrGYLzbVVGNHgffHtIjuHFPhtE/5C++QXO8JIzUq9WyD
E6vlKhcEL21b6xLPiOESJ5a2cSAGX1E6xj+83/RPqSA6yl84zXegx08lOpKkoMr8
MqqZyphq42l4aMfpwHi3
=3a9s
-----END PGP SIGNATURE-----

--- End Message ---

Bug#701826: marked as done (libssl1.0.0: "handshake failure" messages with openconnect)

Reply via email to