Your message dated Sun, 22 Mar 2015 21:17:20 +0000
with message-id <[email protected]>
and subject line Bug#775502: fixed in openssl 1.0.1e-2+deb7u15
has caused the Debian Bug report #775502,
regarding openssl: 1.0.1e-2+deb7u14 broke DTLS handshake with Chrome/Firefox
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
775502: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775502
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 1.0.1e-2+deb7u14
Severity: important

Dear Maintainer,

I have an application which uses libwebrtc to communicate with third party 
WebRTC clients, which are mostly Chrome and Firefox browsers.
libwebrtc used in my application is compiled with openssl support to implement 
DTLS encryption while Chrome and Firefox, I believe, use libnss.

After the 1.0.1e-2+deb7u14 update my application fails to connect to the 
browsers. According to logs, DTLS handshake never completes and times out.

Through experimenting I found out that the problem is with the patch for 
CVE-2014-3571 (0109-Fix-crash-in-dtls1_get_record-whilst-in-the-listen-s.patch).
If I rebuild the package without that patch the application starts connecting 
again. It also works with 1.0.1e-2+deb7u13.

The libwebrtc code is quite massive, so it's difficult to make a reproducing 
code example. But the relevant bits are here, if you're interested:

Certificate and identity creation: 
http://webrtc.googlecode.com/svn/branches/3.52/talk/base/opensslidentity.cc
DTLS connection setup: 
http://webrtc.googlecode.com/svn/branches/3.52/talk/base/opensslstreamadapter.cc

With the problematic openssl package the
OpenSSLStreamAdapter::SSLVerifyCallback() function is never called (there is
no "Accepted peer certificate." message in the log), and the stream adapter
keeps printing " -- error want read" until timeout.

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (400, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.13-38+deb7u6
ii  libssl1.0.0  1.0.1e-2+deb7u14
ii  zlib1g       1:1.2.7.dfsg-13

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119+deb7u1

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 1.0.1e-2+deb7u15

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Mar 2015 19:11:55 +0100
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.1e-2+deb7u15
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 775502
Changes: 
 openssl (1.0.1e-2+deb7u15) wheezy-security; urgency=medium
 .
   * Fix CVE-2015-0286
   * Fix CVE-2015-0287
   * Fix CVE-2015-0289
   * Fix CVE-2015-0292
   * Fix CVE-2015-0293 (not affected, SSLv2 disabled)
   * Fix CVE-2015-0209
   * Fix CVE-2015-0288
   * Remove export ciphers from DEFAULT.
   * Make DTLS always act as if read_ahead is set.  This fixes a regression
     introduced by the fix for CVE-2014-3571.  (Closes: #775502)
   * Fix error codes.
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
