Bug 1022647 - openssl-libs-1.0.1e-28.fc19.x86_64 breaks psi TLS (probably any app using the qca2 framework)
Summary: openssl-libs-1.0.1e-28.fc19.x86_64 breaks psi TLS (probably any app using the...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 19
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1022365 1033070 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-23 17:26 UTC by Fritz Elfert
Modified: 2013-11-22 16:48 UTC (History)
6 users (show)

Fixed In Version: openssl-1.0.1e-30.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-31 03:00:30 UTC
Type: Bug


Attachments (Terms of Use)

Description Fritz Elfert 2013-10-23 17:26:44 UTC
Description of problem:
According to my nightly yum log, a new openssl was installed:
Oct 22 02:36:37 Updated: 1:openssl-libs-1.0.1e-28.fc19.x86_64
Oct 22 02:37:09 Updated: 1:openssl-devel-1.0.1e-28.fc19.x86_64
Oct 22 02:37:11 Updated: 1:openssl-1.0.1e-28.fc19.x86_64
Oct 22 02:37:23 Updated: 1:openssl-libs-1.0.1e-28.fc19.i686
Since then, my Psi (Jabber client) fails to perform a TLS handshake.

Version-Release number of selected component (if applicable):
1.0.1e-28

How reproducible:
Always

Steps to Reproduce:
1. Update openssl
2. Start Psi connecting to an XMPP server using TLS
3.

Actual results:
A dialog appears, displaying the following error:

 "There was an error communicating with the server.
  Details: TLS handshake error"

Expected results:
Connection should work.

Additional info:
Since Psi does not use openssl directly but uses the qca2 framework. Any QT-App which uses that framework might be affected too.

I also performed the following test in order to prove that this version of openssl is the actual culprit:

1. Fetch the old openssl rpms
2. Unpack those using rpm2cpio into a local dir: /home/felfert/ssltest/x
3. Use LD_LIBRARY_PATH=/home/felfert/ssltest/x/usr/lib64 to force psi using the older openssl
=> Psi works like before the update.

Comment 1 Vladimir Mosgalin 2013-10-24 10:21:05 UTC
Looks like the same problem as I got with gajim (bug 1022493)

Comment 2 Tomas Mraz 2013-10-24 11:28:53 UTC
Can you please try openssl-1.0.1e-29.fc19 ?

Comment 3 Fedora Update System 2013-10-24 13:09:59 UTC
openssl-1.0.1e-29.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openssl-1.0.1e-29.fc19

Comment 4 Fedora Update System 2013-10-24 13:10:13 UTC
openssl-1.0.1e-29.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openssl-1.0.1e-29.fc20

Comment 5 Fedora Update System 2013-10-24 13:10:36 UTC
openssl-1.0.1e-29.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/openssl-1.0.1e-29.fc18

Comment 6 Fedora Update System 2013-10-24 17:46:32 UTC
Package openssl-1.0.1e-29.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssl-1.0.1e-29.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19845/openssl-1.0.1e-29.fc20
then log in and leave karma (feedback).

Comment 7 Fritz Elfert 2013-10-24 18:13:22 UTC
Fetched 1.0.1e-29 from koji manually (it had not hit the repo yet) and it indeed fixes the Psi TLS issue :) - Thanks a lot!

Comment 8 Tomas Dolezal 2013-10-24 23:51:29 UTC
I also confirm the TLS fix, Psi+ client. x86_64

Thanks

Comment 9 Tomas Mraz 2013-10-25 10:53:10 UTC
*** Bug 1022365 has been marked as a duplicate of this bug. ***

Comment 10 Fedora Update System 2013-10-26 00:54:38 UTC
openssl-1.0.1e-29.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2013-10-29 16:42:21 UTC
openssl-1.0.1e-30.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/openssl-1.0.1e-30.fc18

Comment 12 Fedora Update System 2013-10-29 16:42:52 UTC
openssl-1.0.1e-30.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openssl-1.0.1e-30.fc19

Comment 13 Fedora Update System 2013-10-29 16:43:12 UTC
openssl-1.0.1e-30.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openssl-1.0.1e-30.fc20

Comment 14 Fedora Update System 2013-10-30 01:51:57 UTC
Package openssl-1.0.1e-30.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssl-1.0.1e-30.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-20263/openssl-1.0.1e-30.fc18
then log in and leave karma (feedback).

Comment 15 Fedora Update System 2013-10-31 03:00:30 UTC
openssl-1.0.1e-30.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2013-11-10 06:32:24 UTC
openssl-1.0.1e-29.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2013-11-10 06:52:49 UTC
openssl-1.0.1e-30.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2013-11-14 03:36:57 UTC
openssl-1.0.1e-30.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Tomas Mraz 2013-11-22 15:21:23 UTC
*** Bug 1033070 has been marked as a duplicate of this bug. ***

Comment 20 Dominique MAGNE 2013-11-22 16:48:28 UTC
the bug 1033070 is not corrected.

the latest version has not corrected the problem 1033070.
Moreover, since it is the bug fix 1022647 that the problem occurred


Note You need to log in before you can comment on or make changes to this bug.