Control: reassign -1 openssl 1.1.1~~pre9-1
Control: tag -1 + buster

On Sun, 11 Aug 2019 09:42:21 +0200 Johannes 'josch' Schauer <jo...@debian.org> wrote:
> steps to reproduce:
> 
>     $ sudo debootstrap --include=curl,ca-certificates unstable debian-unstable
>     [...]
>     $ sudo chroot debian-unstable curl -vvv https://www.daserste.de
>     *   Trying 8.248.97.252:443...
>     * TCP_NODELAY set
>     * Connected to www.daserste.de (8.248.97.252) port 443 (#0)
>     * ALPN, offering h2
>     * ALPN, offering http/1.1
>     * successfully set certificate verify locations:
>     *   CAfile: none
>       CApath: /etc/ssl/certs
>     * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>     * TLSv1.3 (IN), TLS handshake, Server hello (2):
>     * TLSv1.2 (IN), TLS handshake, Certificate (11):
>     * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>     * TLSv1.2 (OUT), TLS alert, handshake failure (552):
>     * error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
>     * Closing connection 0
>     curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
> 
> This also happens with other domains. I hope this is actually a curl
> issue and not my own stupidity but this problem only occurs with curl
> and not wget or firefox and the domain from above has an A+ rating on
> ssllabs.com, so I guess it is properly configured.

I now figured out that this problem is actually due to openssl and not due to
curl. I bisected Debian unstable from snapshot.d.o to figure out that the last
working snapshot is 20180822T014239Z and the first that shows this problem is
20180822T060826Z. When I diff the output of `dpkg -l` on both chroots then I
get:

82c82
< ii  libssl1.1:amd64           1.1.0h-4                     amd64        Secure Sockets Layer toolkit - shared libraries
---
> ii  libssl1.1:amd64           1.1.1~~pre9-1                amd64        Secure Sockets Layer toolkit - shared libraries
95c95
< ii  openssl                   1.1.0h-4                     amd64        Secure Sockets Layer toolkit - cryptographic utility
---
> ii  openssl                   1.1.1~~pre9-1                amd64        Secure Sockets Layer toolkit - cryptographic utility

Thanks!

cheers, josch
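
The `dpkg -l` comparison described in the message above, as an added example that is not part of the original mail: it parses two listings and reports only the packages whose version differs between the good and the bad chroot. The sample listings are constructed; only the libssl1.1 and openssl versions are taken from the message, and the function names are hypothetical.

```python
import re

# Status column of a `dpkg -l` package row: desired state, current state,
# optional error flag (e.g. "ii", "rc", "iHR"). Header rows never match.
STATUS = re.compile(r"[uirph][ncHUFWti]R?")


def parse_dpkg_list(text):
    """Return {package name: version} for every package row in `dpkg -l` output."""
    pkgs = {}
    for line in text.splitlines():
        fields = line.split(None, 4)  # status, name, version, arch, description
        if len(fields) >= 3 and STATUS.fullmatch(fields[0]):
            pkgs[fields[1]] = fields[2]
    return pkgs


def changed_packages(before, after):
    """Return {name: (old_version, new_version)}; None marks a package absent on one side."""
    old, new = parse_dpkg_list(before), parse_dpkg_list(after)
    return {
        name: (old.get(name), new.get(name))
        for name in sorted(old.keys() | new.keys())
        if old.get(name) != new.get(name)
    }


# Constructed sample input: header rows plus three package rows per chroot.
# The curl version is a placeholder, not a real version string.
HEADER = "||/ Name  Version  Architecture  Description\n+++-====-====-====-====\n"
GOOD = HEADER + (
    "ii  curl             0.0-constructed  amd64  constructed row\n"
    "ii  libssl1.1:amd64  1.1.0h-4         amd64  Secure Sockets Layer toolkit - shared libraries\n"
    "ii  openssl          1.1.0h-4         amd64  Secure Sockets Layer toolkit - cryptographic utility\n"
)
BAD = HEADER + (
    "ii  curl             0.0-constructed  amd64  constructed row\n"
    "ii  libssl1.1:amd64  1.1.1~~pre9-1    amd64  Secure Sockets Layer toolkit - shared libraries\n"
    "ii  openssl          1.1.1~~pre9-1    amd64  Secure Sockets Layer toolkit - cryptographic utility\n"
)

if __name__ == "__main__":
    for name, (old_v, new_v) in changed_packages(GOOD, BAD).items():
        print(f"{name}: {old_v} -> {new_v}")
```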
