Bug 477073 - Aventail VPN client didn't work, and upgrading openssl fixed it
Aventail VPN client didn't work, and upgrading openssl fixed it
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-18 17:29 EST by Garrett Mitchener
Modified: 2009-06-30 06:50 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-30 06:50:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Garrett Mitchener 2008-12-18 17:29:04 EST
Description of problem: Aventail VPN client didn't work, and upgrading openssl fixed it.


Version-Release number of selected component (if applicable): non-working version is openssl-0.9.8g-11.fc10.i686.  I finally got it to work with 0.9.8i, see below.


How reproducible: always


Steps to Reproduce:
1. install f10
2. install the aventail vpn client
3. try to connect to my network and it fails as described by someone else here:
http://just-another.net/2008/11/20/ubuntu-intrepid-and-aventail-ssl-client/

Additional info:

The problem seems to be in a handshake that fails somewhere along the line.

I was able to get the vpn client to work by downloading openssl-0.9.8i.tar.gz from openssl.org.  I unpacked it, ran './config shared' and 'make'.  I didn't install it.  Instead, I know that the vpn client makes links in /lib to the libraries it needs.  So I moved those to point to the libssl.so.0.9.8 in the directory where I built openssl-0.9.8i.  Now the vpn client seems to be working.

I suspect that this particular vpn setup requires something that either doesn't work in the 0.9.8g version or was removed somehow when they built the rpm.  I've been building and rebuilding the rpm all day and I can't get it to work, so I'm giving up now that I have this hack working.
Comment 1 Tomas Mraz 2008-12-19 03:47:31 EST
I will update the openssl version in rawhide soon. But unfortunately it is not possible to update the F10 due to ABI changes. If you were able to find out which changes in which files in 0.9.8i make it work I would happily add them to the F10 0.9.8g package.
Comment 2 Garrett Mitchener 2008-12-19 12:05:12 EST
Okay.

Well, here's some other info.

I downloaded openssl-0.9.8g from openssl.org and built that using just default build options and no patches, as in './config shared' and 'make' etc.  I used symbolic links in /lib to get the aventail vpn client to use those libraries -- and it worked.  So, there's either some configuration option or a patch in the 0.9.8g RPM that's breaking something and it's probably going to take me a long time to figure out which.
Comment 3 Tomas Mraz 2008-12-23 09:42:24 EST
It might be missing algorithm or whatever. Perhaps you could first try removing the patches from the src.rpm and rebuilding it. Unfortunately I can hardly help you finding the cause because I do not have the Aventail VPN. So unless you're able to isolate what's causing the problem I am sorry but I will have to mark it CLOSED-CANTFIX.
Comment 4 Bug Zapper 2009-06-09 06:18:36 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.