Re: [pca] Patch file not downloaded with cipher or hash unavailable
Am 03.05.2015 um 11:53 schrieb Frank Langelage: Connecting to aru-akam-secure.oracle.com|184.31.84.14|:443... connected. OpenSSL: error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable Unable to establish SSL connection. Strange. Did patch downloads work on that system before? Did you update wget or pca or install patches recently? The error seems to suggest that certain ciphers are missing from the SSL library. If that's true, and nothing has changed on your system, it would mean that something must have changed on the server. Could other PCA users please test patch downloads and see if they get the same error? Martin.
Re: [pca] Patch file not downloaded with cipher or hash unavailable
I pulled patches on Sunday morning without incident. michaeldgale -Original Message- From: pca [mailto:pca-boun...@lists.univie.ac.at] On Behalf Of Martin Paul Sent: Monday, May 04, 2015 7:44 AM To: PCA (Patch Check Advanced) Discussion Subject: Re: [pca] Patch file not downloaded with cipher or hash unavailable Am 03.05.2015 um 11:53 schrieb Frank Langelage: Connecting to aru-akam-secure.oracle.com|184.31.84.14|:443... connected. OpenSSL: error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable Unable to establish SSL connection. Strange. Did patch downloads work on that system before? Did you update wget or pca or install patches recently? The error seems to suggest that certain ciphers are missing from the SSL library. If that's true, and nothing has changed on your system, it would mean that something must have changed on the server. Could other PCA users please test patch downloads and see if they get the same error? Martin. smime.p7s Description: S/MIME cryptographic signature
Re: [pca] Patch file not downloaded with cipher or hash unavailable
Sure. I patched (1 installed) Saturday without issue and, per your request, have just pulled a couple of random patches without issue: NONAME Sun SPARC Enterprise T5120 64 GB RAM Serial #99975552 Host ID: 99915d80 SunOS Release 5.10 Version Generic 64-bit SPARC CSN: ZZZ0825QKF Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC Copyright (c) 1983, 2014, Oracle and/or its affiliates. All rights reserved Assembled 23 August 2011 # pca --wget=/usr/sfw/bin/wget -d 148120 Using /var/tmp/patchdiag.xref from May/03/15 Host: noname (SunOS 5.10/Generic_Virtual/sparc/sun4v) List: 148120 (1/1172) Patch IR CR RSB Age Synopsis -- -- - -- --- --- --- 148120 -- 02 --- 999 X11 6.6.2: xset patch Looking for 148120-02 (1/1) Trying Oracle Trying https://getupdates.oracle.com/ (1/1) Done -- Download Summary: 1 total, 1 successful, 0 skipped, 0 failed # /usr/sfw/bin/wget -V GNU Wget 1.12 built on solaris2.10. +digest +ipv6 -nls +ntlm +opie +md5/solaris +https -gnutls +openssl -iri Wgetrc: /etc/wgetrc (system) Compile: /ws/on10-tools/SUNWspro/SOS8/bin/cc -DHAVE_CONFIG_H -DSYSTEM_WGETRC=/etc/wgetrc -DLOCALEDIR=/usr/sfw/share/locale -I. -I../lib -I/usr/sfw/include -xO3 -xarch=v8 -xspace -W0,-Lt -W2,-Rcond_elim -Xa -xildoff -xc99 Link: /ws/on10-tools/SUNWspro/SOS8/bin/cc -xO3 -xarch=v8 -xspace -W0,-Lt -W2,-Rcond_elim -Xa -xildoff -xc99 /usr/sfw/lib/libssl.so /usr/sfw/lib/libcrypto.so -R/usr/sfw/lib -lmd5 -ldl -lsocket -lnsl -lrt ftp-opie.o openssl.o http-ntlm.o gen-md5.o ../lib/libgnu.a # pca --version pca 20150327-01 # Verbose: Looking for 148912-01 (1/1) Trying Oracle Trying https://getupdates.oracle.com/ (1/1) src: oracle, srcurl: Adding to /tmp/pca.986105: header=Authorization: Basic base64-user-passwd /usr/sfw/bin/wget --progress=dot:binary --ca-certificate=/usr/local/bin/pca --no-check-certificate --secure-protocol=TLSv1 -O /var/tmp/./148912-01.zip https://getupdates.oracle.com/all_unsigned/148912-01.zip; --2015-05-04 14:43:39-- https://getupdates.oracle.com/all_unsigned/148912-01.zip Resolving getupdates.oracle.com... 141.146.44.51 Connecting to updates.oracle.com|141.146.44.51|:443... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://updates.oracle.com/all_unsigned/148912-01.zip [following] --2015-05-04 14:43:44-- https://updates.oracle.com/all_unsigned/148912-01.zip Connecting to updates.oracle.com|141.146.44.51|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://aru-akam-secure.oracle.com/adcarurepos/vol/patch33/PLATFORM/Solaris-64/R40 110/148912-01.zip?FilePath=/adcarurepos/vol/patch33/PLATFORM/Solaris-64/R4 0110/148912-01.zip ... BTW, that's a branded zone on 11.2. How are you patching 2.10 zones? A bit dumb but timesaving, I'm just relying on -si missingrs and the failure of checks to stop me patching things that I can't or shouldn't. Kind regards, -Original Message- Date: Mon, 04 May 2015 13:44:02 +0200 From: Martin Paul martin.p...@univie.ac.at To: PCA (Patch Check Advanced) Discussion pca@lists.univie.ac.at Subject: Re: [pca] Patch file not downloaded with cipher or hash unavailable Am 03.05.2015 um 11:53 schrieb Frank Langelage: Connecting to aru-akam-secure.oracle.com|184.31.84.14|:443... connected. OpenSSL: error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable Unable to establish SSL connection. Strange. Did patch downloads work on that system before? Did you update wget or pca or install patches recently? The error seems to suggest that certain ciphers are missing from the SSL library. If that's true, and nothing has changed on your system, it would mean that something must have changed on the server. Could other PCA users please test patch downloads and see if they get the same error? Martin.
Re: [pca] Patch file not downloaded with cipher or hash unavailable
On 04.05.15 13:44, Martin Paul wrote: Am 03.05.2015 um 11:53 schrieb Frank Langelage: Connecting to aru-akam-secure.oracle.com|184.31.84.14|:443... connected. OpenSSL: error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable Unable to establish SSL connection. Strange. Did patch downloads work on that system before? Did you update wget or pca or install patches recently? The error seems to suggest that certain ciphers are missing from the SSL library. If that's true, and nothing has changed on your system, it would mean that something must have changed on the server. Could other PCA users please test patch downloads and see if they get the same error? Martin. Martin, last time patches were installed was April 14th. At that time pca / wget worked. Now patches / new packages since then. wget is 1.12 as of January 2015. But root@sb2000:/ ldd /usr/sfw/bin/wget libssl.so.0.9.7 = /usr/sfw/lib/libssl.so.0.9.7 libcrypto.so.0.9.7 =/usr/sfw/lib/libcrypto.so.0.9.7 libmd5.so.1 = /lib/libmd5.so.1 libdl.so.1 =/lib/libdl.so.1 libsocket.so.1 =/lib/libsocket.so.1 libnsl.so.1 = /lib/libnsl.so.1 librt.so.1 =/lib/librt.so.1 libc.so.1 = /lib/libc.so.1 libmp.so.2 =/lib/libmp.so.2 libmd.so.1 =/lib/libmd.so.1 libscf.so.1 = /lib/libscf.so.1 libaio.so.1 = /lib/libaio.so.1 libdoor.so.1 = /lib/libdoor.so.1 libuutil.so.1 = /lib/libuutil.so.1 libgen.so.1 = /lib/libgen.so.1 libcrypto_extra.so.0.9.7 = *(Datei nicht gefunden)* libm.so.2 = /lib/libm.so.2 /platform/SUNW,Sun-Blade-1000/lib/libc_psr.so.1 /platform/SUNW,Sun-Blade-1000/lib/libmd_psr.so.1 libcrypto_extra.so.0.9.7 is missing. SUNWopenssl-libraries was updated on Apr. 14th. root@sb2000:/ grep SUNWopenssl-libraries /var/sadm/install/contents | grep f /usr/sfw/lib/libcrypto.so.0.9.7 f none 0755 root bin 1478540 28194 1427846326 SUNWopenssl-libraries /usr/sfw/lib/libssl.so.0.9.7 f none 0755 root bin 1424792 61922 1427846326 SUNWopenssl-libraries /usr/sfw/lib/llib-lcrypto f none 0644 root bin 1282 46464 1186623729 SUNWopenssl-libraries /usr/sfw/lib/llib-lcrypto.ln f none 0644 root bin 313219 5907 1427805407 SUNWopenssl-libraries /usr/sfw/lib/llib-lssl f none 0644 root bin 293 23152 1106348616 SUNWopenssl-libraries /usr/sfw/lib/llib-lssl.ln f none 0644 root bin 280100 23230 1427805428 SUNWopenssl-libraries /usr/sfw/lib/sparcv9/libcrypto.so.0.9.7 f none 0755 root bin 1875672 8540 1427846326 SUNWopenssl-libraries /usr/sfw/lib/sparcv9/libssl.so.0.9.7 f none 0755 root bin 1500816 24526 1427846326 SUNWopenssl-libraries /usr/sfw/lib/sparcv9/llib-lcrypto.ln f none 0644 root bin 311958 50946 1427805415 SUNWopenssl-libraries /usr/sfw/lib/sparcv9/llib-lssl.ln f none 0644 root bin 278839 17372 1427805437 SUNWopenssl-libraries Relevant patch: 148071-17. According to the README, /usr/sfw/lib/libcrypto_extra.so.0.9.7 should be part of the patch. removed this patch, pca / wget is working again: Downloading xref file to /var/tmp/patchdiag.xref Trying Oracle Trying https://getupdates.oracle.com/ (1/1) Using /var/tmp/patchdiag.xref from May/03/15 Host: sb2000 (SunOS 5.10/Generic_150400-23/sparc/sun4u) List: missing (2/25) Patch IR CR RSB Age Synopsis -- -- - -- --- --- --- 119963 32 33 R-- 4 SunOS 5.10: Shared library patch for C++ Looking for 119963-33 (1/2) Trying Oracle Trying https://getupdates.oracle.com/ (1/1) Done -- 148071 16 17 RS- 21 SunOS 5.10: openssl patch Looking for 148071-17 (2/2) Trying Oracle Trying https://getupdates.oracle.com/ (1/1) Done -- Download Summary: 2 total, 2 successful, 0 skipped, 0 failed Now I'll switch to single user mode and apply these patches and see, if the problem reappears.
Re: [pca] Patch file not downloaded with cipher or hash unavailable
Relevant patch: 148071-17. According to the README, /usr/sfw/lib/libcrypto_extra.so.0.9.7 should be part of the patch. Now I'll switch to single user mode and apply these patches and see, if the problem reappears. Going back to 148071-16 the libraries /usr/sfw/lib/libcrypto_extra.so.0.9.7 and /usr/sfw/lib/libssl_extra.so.0.9.7 and their 64bit counterparts are still missing. They are only installed when package SUNWcry ist installed on the machine. On mine it's not installed. So there must be changes in the other files which get installed in my case which require the existence of SUNWcry and patches.
Re: [pca] Patch file not downloaded with cipher or hash unavailable
Hi Am 04.05.2015 um 20:03 schrieb Frank Langelage fr...@lafr.de: Going back to 148071-16 the libraries /usr/sfw/lib/libcrypto_extra.so.0.9.7 and /usr/sfw/lib/libssl_extra.so.0.9.7 and their 64bit counterparts are still missing. They are only installed when package SUNWcry ist installed on the machine. On mine it's not installed. So there must be changes in the other files which get installed in my case which require the existence of SUNWcry and patches. Oh some old solaris install. Cry was added with update 4. see this note to see how to get it working more or less. https://blogs.oracle.com/patch/entry/do_not_apply_packages_from Greetings Jan
