Bug 918981
| Summary: | random SSL errors between dovecot/mutt with 1:1.0.1e-3.fc18.x86_64 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Christophe Fergeau <cfergeau> |
| Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 18 | CC: | dwmw2, tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-03-22 21:16:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Christophe Fergeau
2013-03-07 10:34:45 UTC
Do you have aes-ni support in your cpu? grep aes /proc/cpuinfo This gives me hits on 'aes'. CPU is an Intel(R) Core(TM) i5 CPU M 540 (thinkpad x201) There is an upstream request tracker entry for this issue, unfortunately no resolution yet: http://rt.openssl.org/Ticket/Display.html?id=3002 Ask for a login :( Regardless, good to know I'm not the only one and that it's a known issue! I can live with the older version for now ) Ah thanks David, I didn't realize this could be accessed as a guest. Are you able to reproduce this problem with any other servers? For example openssl s_client -connect mail.uni-paderborn.de:465 Or connecting to IRC servers with SSL, perhaps? (btw, why are you doing this for local IMAP anyway? mutt can quite happily just invoke /usr/libexec/dovecot/imap for you instead of having to log in.) Christophe, please could you confirm whether the problem goes away when you export OPENSSL_ia32cap=~0x200000200000000 (In reply to comment #7) > Are you able to reproduce this problem with any other servers? For example > openssl s_client -connect mail.uni-paderborn.de:465 I've tried a few servers, but could not hit the issue on the initial connection. Note that my dovecot/mutt issue does not happen upon initial connection, but after getting the list of messages and sorting them. openssl s_client -connect localhost:993 works as well > (btw, why are you doing this for local IMAP anyway? mutt can quite happily > just invoke /usr/libexec/dovecot/imap for you instead of having to log in.) Just my sucky sysadmin skills, when something works, I'm generally too lazy to try to get something better ) (In reply to comment #8) > Christophe, please could you confirm whether the problem goes away when you > export OPENSSL_ia32cap=~0x200000200000000 dovecot spawns several processes and cleans the environment in all of them (I looked in /proc/pid/environment), so I could not test that directly. However, I've tried a patch build replacing the OPENSSL_ia32cap getenv() call with this hardcoded value, and I no longer hit this bug with this patched version. openssl-1.0.1e-4.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/openssl-1.0.1e-4.fc18 Package openssl-1.0.1e-4.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssl-1.0.1e-4.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-4069/openssl-1.0.1e-4.fc18 then log in and leave karma (feedback). openssl-1.0.1e-4.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |