On Wed, Apr 07, 2010 at 11:49:10AM +0200, Thomas Bächler wrote: > Am 30.03.2010 03:36, schrieb Pierre Schmitz: > > I created a rebuld list for the just released openssl 1.0.0 (Thanks Dan > > for fixing the todo list that fast!). These are 236 packages for each > > architecture; so this will need some kind of planning and a bunch of people > > to help. But for now I'll at least wait for the Gnome and KDE release and > > also Allan's heimdal rebuilds. > > > > Fedora uses openssl 1 since Fedora 12 which means if there are any issues > > we'll probably find a solution there. Till then I just need to port the man > > page patch (easy) and see why it compiles with -DOPENSSL_IA32_SSE2 on > > x86_64 and if that is an issue at all. > > The new openssl breaks RADIUS authentication with wpa_supplicant for me. > It fails to verify the CA certificate and aborts authentication. It > works if I disable verification of the certificates in the configuration > (which is bad, but still helps). I noticed something which sounds similar. After I synched, I rebuilt elinks-git against all the new libs I had installed. Then I noticed I was getting ssl errors whenever I went to an https: site. Turns out I needed to turn off the option connection.ssl.cert_verify: ## connection.ssl.cert_verify [0|1] # Verify the peer's SSL certificate. Note that this needs extensive # configuration of OpenSSL by the user. set connection.ssl.cert_verify = 0 Despite the "extensive configuration" warning, this was working before, but after rebuilding against openssl 1.0.0, it's not. The openssl upgrade brought some changes to /etc/ssl/openssl.cnf. I haven't tracked down yet whether any of those may be responsible for this. -- Jim Pryor profjim@xxxxxxxxxxxx
