I recompiled the https dpi today, and it no longer wanted to work. I had upgraded slackware in recent weeks, so my openssl version has gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all. The SSL_connect() was failing. Adding in some error-printing got me "error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol". The search engine suggested that one possibility was that a server could be displeased with a cipher that's offered, so I changed SSL_set_cipher_list(ssl_connection, "ALL"); to "TLSv1" randomly, and it now worked. https://www.openssl.org/docs/apps/ciphers.html shows lots of possibilities, and I tried "DEFAULT". This worked as well. It sounds like the difference is that the default doesn't include aNULL ciphers. Another page says that aNULL means cipher suites that do not offer authentication. I don't really know what's going on here, obviously.
On Thu, Oct 18, 2012 at 02:32:10AM +0000, corvid wrote:
I recompiled the https dpi today, and it no longer wanted to work.
I had upgraded slackware in recent weeks, so my openssl version has gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all.
The SSL_connect() was failing.
Adding in some error-printing got me "error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol".
The search engine suggested that one possibility was that a server could be displeased with a cipher that's offered, so I changed SSL_set_cipher_list(ssl_connection, "ALL"); to "TLSv1" randomly, and it now worked.
https://www.openssl.org/docs/apps/ciphers.html shows lots of possibilities, and I tried "DEFAULT". This worked as well. It sounds like the difference is that the default doesn't include aNULL ciphers. Another page says that aNULL means cipher suites that do not offer authentication.
I don't really know what's going on here, obviously.
Neither me. -- Cheers Jorge.-
Hi, On Thu, Oct 18, 2012 at 02:32:10AM +0000, corvid wrote:
I had upgraded slackware in recent weeks, so my openssl version has gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all.
At least on Debian dillo 3.0.2 builds fine with OpenSSL 1.0.1c: http://packages.debian.org/wheezy/dillo http://packages.debian.org/wheezy/libssl1.0.0 (currently version 1.0.1c) Just tried it on an uptodate Debian Unstable. And I don't use any patches against the original source. I just update config.guess, config.sub and friends to the autotools version in Debian. Kind regards, Axel -- /~\ Plain Text Ribbon Campaign | Axel Beckert \ / Say No to HTML in E-Mail and News | abe at deuxchevaux.org (Mail) X See http://www.asciiribbon.org/ | abe at noone.org (Mail+Jabber) / \ I love long mails: http://email.is-not-s.ms/ | http://noone.org/abe/ (Web)
corvid wrote:
I recompiled the https dpi today, and it no longer wanted to work.
I had upgraded slackware in recent weeks, so my openssl version has gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all.
I think it is very unlikely to be relevant. I upgraded to 1.0.1c in mid-August and I have rebuilt Dillo many times since then (pretty much every time I see a commit). Jeremy
Jeremy wrote:
corvid wrote:
I recompiled the https dpi today, and it no longer wanted to work.
I had upgraded slackware in recent weeks, so my openssl version has gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all.
I think it is very unlikely to be relevant. I upgraded to 1.0.1c in mid-August and I have rebuilt Dillo many times since then (pretty much every time I see a commit).
Yeah, I couldn't imagine that I wouldn't have heard of this before if it were happening to others... I wonder what's weird about my system...
Hi
I recompiled the https dpi today, and it no longer wanted to work. I had upgraded slackware in recent weeks, so my openssl version has gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all. Yeah, I couldn't imagine that I wouldn't have heard of this before if it were happening to others... I wonder what's weird about my system...
Its really your system, i'm in a slackware64 14.0 and just rebuild latest fltk, the latest dillo, https dpi and all works fine. Are you sure that you dont have a stale https.dpi somewhere? Good luck higuita -- Naturally the common people don't want war... but after all it is the leaders of a country who determine the policy, and it is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country. -- Hermann Goering, Nazi and war criminal, 1883-1946
higuita wrote:
Its really your system, i'm in a slackware64 14.0 and just rebuild latest fltk, the latest dillo, https dpi and all works fine.
That's good.
Are you sure that you dont have a stale https.dpi somewhere?
Yup. I don't install dillo, but rather copy the dpi manually into ~/.dillo/dpi/https/ , plus I went through a few rounds of adding debugging info to it and seeing the effects of that info each time.
participants (5)
-
abe@deuxchevaux.org -
corvid@lavabit.com -
higuita7@yahoo.co.uk -
jcid@dillo.org -
onepoint@starurchin.org