Colomban Wendling:
> Package: mumble
> Version: 1.2.10-2+b1
> Severity: grave
> Justification: renders package unusable
> 
> Dear Maintainer,
> 
> Since last upgrade (the rebuild, +b1, oddly enough) Mumble aborts
> trying to connect to any server:

The +b1 is a binNMU, meaning that the same exact code is being recompiled
after a library upgrade, and in this case I believe the auto-openssl
transition triggered the binNMU:

   https://release.debian.org/transitions/html/auto-openssl.html

>> OpenSSL Support: 1 (OpenSSL 1.0.2d 9 Jul 2015)
>> MumbleSSL: unable to allocate SSL_CTX
>> Invalid 'net/sslciphers' config option. Either the cipher string is invalid 
>> or none of the ciphers are available:: "EECDH+AESGCM:AES256-SHA:AES128-SHA"
>> Abandon

Yep, I confirm this.

Additionally, mumble-server quits on startup because of the same issue.

> I have not altered the net/sslciphers option, and ciphers look fine:
> 
>> $ openssl ciphers "EECDH+AESGCM:AES256-SHA:AES128-SHA"
>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA:AES128-SHA
> 
> Anyway, after digging a lot, it appears that Mumble forgets to call
> `SSL_library_init()` [1].  Injecting such a call early in the run fixes
> the issue:
> 
>> $ gdb mumble
>> GNU gdb (Debian 7.10-1) 7.10
>> [...snip...]
>> Reading symbols from mumble...Reading symbols from 
>> /usr/lib/debug/.build-id/d7/713cd5f7d3cbaaa65bcdbe9bb1cc45b6478eb1.debug...done.
>> done.
>> (gdb) break main
>> Breakpoint 1 at 0x43eda0: file main.cpp, line 136.
>> (gdb) run
>> Starting program: /usr/bin/mumble 
>> [Thread debugging using libthread_db enabled]
>> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
>>
>> Breakpoint 1, main (argc=1, argv=0x7fffffffe028) at main.cpp:136
>> 136  main.cpp: No such file or directory.
>> (gdb) call SSL_library_init()
>> $1 = 1
>> (gdb) continue 
>> Continuing.
>> [...snip...]
>> OpenSSL Support: 1 (OpenSSL 1.0.2d 9 Jul 2015)
>> ServerHandler: TLS cipher preference is 
>> "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA:AES128-SHA"
> 
> And everything seems to work fine.

Thanks for taking the time to find this -- it should be very helpful in
figuring out the fix.

> Without this, not only does Mumble abort trying to connect to servers, but
> it also fails to check and generate user certificates.  This throws the
> existing user certificate away on each startup, losing some
> unreproducible and potentially important data.

Ugh. Mumble normally automatically makes a backup of certs when the user
makes a new one (in ~/Documents, I believe) so hopefully that data isn't
lost permanently.  [But yes I consider this a grave issue too.]

> So, please fix the code to properly init LibSSL as required -- or
> whatever the proper fix is.

Just off-the-top-of-my-head based on what you found with [1] it looks like
this could be fixed by adding init_openssl_library(); to line 52 of
src/SSL.cpp and then a blank line.  I'm attaching a patch that I'm about to
try that does this.

> 
> Regards,
> Colomban
> 
> 
> [1] https://wiki.openssl.org/index.php/SSL/TLS_Client#Initialization

Thanks very much for reporting this.  Great work.

   -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us
Description: the SSL library must be initialized, otherwise mumble and
   mumble-server both fail to find the available ciphers and fail to start
Author: Colomban Wendling <lists....@herbesfolles.org>
        Christopher Knadle <chris.kna...@coredump.us>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804363
Last-Updated: 2015-11-08

--- a/src/SSL.cpp
+++ b/src/SSL.cpp
@@ -49,6 +49,8 @@
 	QByteArray csbuf = cipherString.toLatin1();
 	const char *ciphers = csbuf.constData();
 
+	init_openssl_library();
+
 	meth = SSLv23_server_method();
 	if (meth == NULL) {
 		qWarning("MumbleSSL: unable to get SSL method");
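
Review bot: The added call `init_openssl_library();` at line 52 names a function that is neither declared nor defined anywhere in this patch, and it is not the call the report exercised in gdb, which was `SSL_library_init()`. Either call `SSL_library_init()` directly here or include the helper's definition in the patch so the build does not depend on something outside it. The call also sits inside the routine that turns `cipherString` into a cipher list, just before `SSLv23_server_method()`, rather than at program start; please confirm that nothing uses OpenSSL before this routine runs in both mumble and mumble-server and that invoking it more than once is harmless, or move the initialization to startup.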
