Your message dated Wed, 27 Sep 2023 18:32:10 +0000
with message-id <[email protected]>
and subject line Bug#1038243: fixed in unbound 1.17.1-2+deb12u1
has caused the Debian Bug report #1038243,
regarding unbound: error log flooding when unbound is configured with a DNS
over TLS upstream server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1038243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038243
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unbound
Version: 1.17.1-2
Severity: important
Hello,
I upgraded from bullseye to bookworm and after the upgrade unbound in version
1.17.1-2 is flooding the journal with the error messages."error: could not
SSL_read crypto error:0A000126:SSL routines::unexpected eof while reading“.
Unbound is configured with DNS over TLS forward addresses
(forward-ssl-upstream: yes).
journal entries:
journalctl -b -u unbound.service
Jun 15 22:39:13 klettur-01 systemd[1]: Starting unbound.service - Unbound DNS
server...
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] notice: init module 0:
subnetcache
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] warning: subnetcache:
serve-expired is set but not working for data originating from the subnet
module cache.
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] warning: subnetcache:
prefetch is set but not working for data originating from the subnet module
cache.
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] notice: init module 1:
validator
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] notice: init module 2:
iterator
Jun 15 22:39:15 klettur-01 unbound[1501]: [1501:0] info: start of service
(unbound 1.17.1).
Jun 15 22:39:15 klettur-01 systemd[1]: Started unbound.service - Unbound DNS
server.
Jun 15 22:39:26 klettur-01 unbound[1501]: [1501:0] info: generate keytag query
_ta-4f66. NULL IN
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:36 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:41 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:39:52 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:18 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:18 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:32 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:32 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:32 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:56 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:56 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:40:56 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:41:12 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:41:12 klettur-01 unbound[1501]: [1501:0] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
Jun 15 22:41:12 klettur-01 unbound[1501]: [1501:1] error: could not SSL_read
crypto error:0A000126:SSL routines::unexpected eof while reading
The error log entries are related to OpenSSL 3.
Related upstream Issue:
https://github.com/NLnetLabs/unbound/issues/812
This bug is fixed in upstream commit:
https://github.com/NLnetLabs/unbound/commit/d7e776114114c16816570e48ab3a27eedc401a0e
Can you please backport the patch to the bookworm package.
Regards,
Wolfgang
--- End Message ---
--- Begin Message ---
Source: unbound
Source-Version: 1.17.1-2+deb12u1
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
unbound, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated unbound package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Sep 2023 18:45:40 +0300
Source: unbound
Architecture: source
Version: 1.17.1-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: unbound packagers <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1038243
Changes:
unbound (1.17.1-2+deb12u1) bookworm; urgency=medium
.
* fix-812-fix-846-by-using-the-SSL_OP_IGNORE_UNEXPECTE.patch from upstream
to fix error log flooding when using DNS over TLS with openssl 3.0.
Closes: #1038243
Checksums-Sha1:
70826e9f872b70fa75de940de43dc12d14a63d37 2875 unbound_1.17.1-2+deb12u1.dsc
192ed83906d4dbca5bf9535a943abc4fc2cc903a 30664
unbound_1.17.1-2+deb12u1.debian.tar.xz
8ce5f41f04f1ad4c35d2966a72bdbe313c213513 7662
unbound_1.17.1-2+deb12u1_source.buildinfo
Checksums-Sha256:
edafdc6e3e6f057fbd6664380ad9da3755ba9da55b43d7f3dc2614e602dfdc44 2875
unbound_1.17.1-2+deb12u1.dsc
e1546f50fe51c6ec7a6c3c05a807331f62c0401da6dd54025c338e1f3971ef74 30664
unbound_1.17.1-2+deb12u1.debian.tar.xz
35ecfba4a83a29f19131421fad2fa08f0861716c0ff8b796f2def169f4ac4f68 7662
unbound_1.17.1-2+deb12u1_source.buildinfo
Files:
7b93b1517b2f944a60511c65231c075a 2875 net optional unbound_1.17.1-2+deb12u1.dsc
cd2c8423161f2d628b56ad0b5477f346 30664 net optional
unbound_1.17.1-2+deb12u1.debian.tar.xz
6f055a042cad527a433ce34b103c0ee2 7662 net optional
unbound_1.17.1-2+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmURrVAPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZxEQIALLfi5jRFEwNqMFSBsoG1TN0weB9cqk3RVY4
8GuG51022SSY+2S+/2k1JiRql1ljRWLrjLskfCMvfxkkwQP/CN/1tyu6FTQDco1O
n71DJNAk6GUmM9vJ1MQFATV0IyyiHB+EsUTdaO6tGJfCbW6JP4Sg3iVbjL1FJjF5
W7hy41u/oAp82ZeqAh6AYRP8NhCDANbiev0FHBYbes+UDiLGOx/E73mtE0/HJ0hl
YlVnEaAbglz9SFvzDjROEwTAoL51VrX95y9iJ2dsvkELSfuCGsXEAWOCT2v3bY6I
mGilw54TtGObFz0LUmYD4g2Qmg2EF4YWDDN90c0cUtdUC403g1Y=
=4wKi
-----END PGP SIGNATURE-----
--- End Message ---
