[MacPorts] #33715: openssl 1.0.1 breaks multiple ports
MacPorts
noreply at macports.org
Wed Apr 25 10:29:23 PDT 2012
#33715: openssl 1.0.1 breaks multiple ports
-----------------------------------+----------------------------------------
Reporter: pixilla@… | Owner: macports-tickets@…
Type: defect | Status: reopened
Priority: High | Milestone:
Component: ports | Version: 2.0.4
Resolution: | Keywords:
Port: openssl |
-----------------------------------+----------------------------------------
Comment(by pixilla@…):
Replying to [comment:38 diego@…]:
> $ curl -v https://graph.facebook.com/oauth/access_token
> * About to connect() to graph.facebook.com port 443 (#0)
> * Trying 69.171.228.43...
I can reproduce this:
{{{
$ sw_vers -productVersion; \
port -q installed \( name:^openssl$ or name:^curl$ \) and active; \
curl -m5 https://69.171.228.43/oauth/access_token; \
curl -3 -m5 https://69.171.228.43/oauth/access_token
10.5.8
curl @7.25.0_0+ssl (active)
openssl @1.0.1a_0 (active)
curl: (28) SSL connection timeout
curl: (51) SSL: certificate subject name '*.facebook.com' does not match
target host name '69.171.228.43'
}}}
{{{
$ sw_vers -productVersion; \
port -q installed \( name:^openssl$ or name:^curl$ \) and active; \
curl -m5 https://69.171.228.43/oauth/access_token; \
curl -3 -m5 https://69.171.228.43/oauth/access_token
10.6.8
curl @7.25.0_0+ssl+universal (active)
openssl @1.0.1a_1+universal (active)
curl: (28) SSL connection timeout
curl: (51) SSL: certificate subject name '*.facebook.com' does not match
target host name '69.171.228.43'
}}}
{{{
$ sw_vers -productVersion; \
port -q installed \( name:^openssl$ or name:^curl$ \) and active; \
curl -m5 https://69.171.228.43/oauth/access_token; \
curl -3 -m5 https://69.171.228.43/oauth/access_token
10.7.2
curl @7.25.0_0+ssl+universal (active)
openssl @1.0.1a_1+universal (active)
curl: (28) SSL connection timeout
curl: (51) SSL: certificate subject name '*.facebook.com' does not match
target host name '69.171.228.43'
}}}
Much brokenness remains for openssl 1.0.x dependent packages. Apparently,
openssl has options to specify what protocols you _DO NOT_ want to offer
but not what protocols you _DO_ want to offer. So whenever openssl adds
new protocols developers of dependent packages must update their software
to allow turning the new protocol off.
Example: Hotmail has problems with the new TLSv1.2
[http://search.gmane.org/?query=openssl&group=gmane.mail.postfix.user postfix.user]
[http://article.gmane.org/gmane.mail.postfix.user/229255/match=openssl+1.0.1+workaround+postfix+2.9.2+2.8.10+2.7.9+2.6.15 postfix-openssl-workaround released]
--
Ticket URL: <https://trac.macports.org/ticket/33715#comment:40>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
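
The opt-out protocol model described in the comment above, as an added example that is not part of the original ticket or of any port's code. It uses the `OP_NO_*` flags that Python's `ssl` module exposes from OpenSSL and goes one step beyond the ticket by including TLSv1.3; the application, its "TLSv1 only" policy, and the names `WANTED`, `PRE_101`, `POST_101`, `mask_for` and `not_opted_out` are hypothetical.

```python
import ssl
import warnings

# OpenSSL's per-protocol opt-out flags as exposed by Python's ssl module.
OPT_OUT = {
    "SSLv3": ssl.OP_NO_SSLv3,
    "TLSv1": ssl.OP_NO_TLSv1,
    "TLSv1.1": ssl.OP_NO_TLSv1_1,   # protocol new in OpenSSL 1.0.1
    "TLSv1.2": ssl.OP_NO_TLSv1_2,   # protocol new in OpenSSL 1.0.1
    "TLSv1.3": ssl.OP_NO_TLSv1_3,   # protocol new in OpenSSL 1.1.1
}

def mask_for(allowed, known):
    """Opt-out mask for an allowlist, built only from protocols the app knows."""
    mask = 0
    for name in known:
        if name not in allowed:
            mask |= OPT_OUT[name]
    return mask

def not_opted_out(mask):
    """Apply mask to a real client context; list protocols left switched on.

    Only the opt-out flags are inspected; build or system policy may
    restrict the negotiable versions further.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    with warnings.catch_warnings():
        # Newer Python versions flag the OP_NO_* options as deprecated.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options |= mask
    return [n for n, flag in OPT_OUT.items() if flag and not ctx.options & flag]

WANTED = {"TLSv1"}  # constructed policy: the application intends TLSv1 only

# Hypothetical application written before 1.0.1: knows SSLv3 and TLSv1.
PRE_101 = ["SSLv3", "TLSv1"]
# The same application after adding knobs for the 1.0.1 protocols.
POST_101 = PRE_101 + ["TLSv1.1", "TLSv1.2"]

if __name__ == "__main__":
    for label, known in (("pre-1.0.1 app", PRE_101), ("updated app", POST_101)):
        print(label, "->", not_opted_out(mask_for(WANTED, known)))
```

The unchanged application silently gains TLSv1.1 and TLSv1.2 once the library supports them, and the updated one still gains TLSv1.3 later, which is the maintenance cycle the comment describes.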