[MacPorts] #33715: openssl 1.0.1 breaks multiple ports

MacPorts noreply at macports.org
Wed Apr 25 10:29:23 PDT 2012 

#33715: openssl 1.0.1 breaks multiple ports
-----------------------------------+----------------------------------------
  Reporter:  pixilla@…             |       Owner:  macports-tickets@…                   
      Type:  defect                |      Status:  reopened                             
  Priority:  High                  |   Milestone:                                       
 Component:  ports                 |     Version:  2.0.4                                
Resolution:                        |    Keywords:                                       
      Port:  openssl               |  
-----------------------------------+----------------------------------------

Comment(by pixilla@…):

 Replying to [comment:38 diego@…]:
 > $ curl -v https://graph.facebook.com/oauth/access_token
 > * About to connect() to graph.facebook.com port 443 (#0)
 > *   Trying 69.171.228.43...

 I can reproduce this:
 {{{
 $ sw_vers -productVersion; \
   port -q installed \( name:^openssl$ or name:^curl$ \) and active; \
   curl -m5 https://69.171.228.43/oauth/access_token; \
   curl -3 -m5 https://69.171.228.43/oauth/access_token
 10.5.8
   curl @7.25.0_0+ssl (active)
   openssl @1.0.1a_0 (active)
 curl: (28) SSL connection timeout
 curl: (51) SSL: certificate subject name '*.facebook.com' does not match
 target host name '69.171.228.43'
 }}}
 {{{
 $ sw_vers -productVersion; \
   port -q installed \( name:^openssl$ or name:^curl$ \) and active; \
   curl -m5 https://69.171.228.43/oauth/access_token; \
   curl -3 -m5 https://69.171.228.43/oauth/access_token
 10.6.8
   curl @7.25.0_0+ssl+universal (active)
   openssl @1.0.1a_1+universal (active)
 curl: (28) SSL connection timeout
 curl: (51) SSL: certificate subject name '*.facebook.com' does not match
 target host name '69.171.228.43'
 }}}
 {{{
 $ sw_vers -productVersion; \
   port -q installed \( name:^openssl$ or name:^curl$ \) and active; \
   curl -m5 https://69.171.228.43/oauth/access_token; \
   curl -3 -m5 https://69.171.228.43/oauth/access_token
 10.7.2
   curl @7.25.0_0+ssl+universal (active)
   openssl @1.0.1a_1+universal (active)
 curl: (28) SSL connection timeout
 curl: (51) SSL: certificate subject name '*.facebook.com' does not match
 target host name '69.171.228.43'
 }}}
 Much brokeness remains for openssl 1.0.x dependent packages. Apparently,
 openssl has options to specify what protocols you _DO NOT_ want to offer
 but not what protocols you _DO_ want to offer. So whenever openssl adds
 new protocols developers of dependent packages must update their software
 to allow turning the new protocol off.

 Example: Hotmail has problems with the new TLSv1.2
 [http://search.gmane.org/?query=openssl&group=gmane.mail.postfix.user
 postfix.user]
 [http://article.gmane.org/gmane.mail.postfix.user/229255/match=openssl+1.0.1+workaround+postfix+2.9.2+2.8.10+2.7.9+2.6.15
 postfix-openssl-workaround released]

-- 
Ticket URL: <https://trac.macports.org/ticket/33715#comment:40>
MacPorts <http://www.macports.org/>
Ports system for Mac OS

More information about the macports-tickets mailing list