On Wed, Dec 28, 2005 at 10:57:42AM +0100, Javier Fernández-Sanguino Peña wrote: > After debugging this issue in a system that Marc Haber set up for testing > I've found two different issues, one is a misconfiguration, the other is a > problem with the nessus package (the client)
> - (fixing the above) the nessus client was not able to connect to the server
> error . Error message:
> [ client ]
> [8305] SSL_connect: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert
> bad record mac
> nessus : SSL error
> [ none at server ]
> I downgraded the nessus client version to 2.2.5-2 (which is *not* compiled
> against both 0.9.7 and 0.9.8 SSL libraries) and it worked fine.
> The issue should be fixed by recompiling the client against a set of the
> libraries, and should affect only the 2.2.5-3 version under i386. Notice,
> also that the package has an undeclared dependency on libssl0.9.7 (the binary
> is linked against that one).
Why do you say that?
$ dpkg -x n/nessus-core/nessus_2.2.5-3_i386.deb /tmp/nessus
$ ldd /tmp/nessus/usr/bin/nessus |grep ssl
libssl.so.0.9.8 => not found
$
I don't see any reason to think that 2.2.5-3 is linked against 0.9.7.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature
