Discussion:
https unpleasantness
corvid
2012-10-18 02:32:10 UTC
Permalink
I recompiled the https dpi today, and it no longer wanted to work.

I had upgraded slackware in recent weeks, so my openssl version
has gone from 0.9.8x to 1.0.1c, which may or may not be relevant
at all.

The SSL_connect() was failing.

Adding in some error-printing got me
"error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol".

The search engine suggested that one possibility was that a server
could be displeased with a cipher that's offered, so I changed
SSL_set_cipher_list(ssl_connection, "ALL");
to "TLSv1" randomly, and it now worked.

https://www.openssl.org/docs/apps/ciphers.html shows lots of
possibilities, and I tried "DEFAULT". This worked as well.
It sounds like the difference is that the default doesn't include
aNULL ciphers. Another page says that aNULL means cipher suites
that do not offer authentication.

I don't really know what's going on here, obviously.
Jorge Arellano Cid
2012-10-18 15:34:23 UTC
Permalink
Post by corvid
I recompiled the https dpi today, and it no longer wanted to work.
I had upgraded slackware in recent weeks, so my openssl version
has gone from 0.9.8x to 1.0.1c, which may or may not be relevant
at all.
The SSL_connect() was failing.
Adding in some error-printing got me
"error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol".
The search engine suggested that one possibility was that a server
could be displeased with a cipher that's offered, so I changed
SSL_set_cipher_list(ssl_connection, "ALL");
to "TLSv1" randomly, and it now worked.
https://www.openssl.org/docs/apps/ciphers.html shows lots of
possibilities, and I tried "DEFAULT". This worked as well.
It sounds like the difference is that the default doesn't include
aNULL ciphers. Another page says that aNULL means cipher suites
that do not offer authentication.
I don't really know what's going on here, obviously.
Neither me.
--
Cheers
Jorge.-
Axel Beckert
2012-10-18 15:44:07 UTC
Permalink
Hi,
Post by corvid
I had upgraded slackware in recent weeks, so my openssl version
has gone from 0.9.8x to 1.0.1c, which may or may not be relevant
at all.
At least on Debian dillo 3.0.2 builds fine with OpenSSL 1.0.1c:

http://packages.debian.org/wheezy/dillo
http://packages.debian.org/wheezy/libssl1.0.0 (currently version 1.0.1c)

Just tried it on an uptodate Debian Unstable. And I don't use any
patches against the original source. I just update config.guess,
config.sub and friends to the autotools version in Debian.

Kind regards, Axel
--
/~\ Plain Text Ribbon Campaign | Axel Beckert
\ / Say No to HTML in E-Mail and News | abe-***@public.gmane.org (Mail)
X See http://www.asciiribbon.org/ | abe-***@public.gmane.org (Mail+Jabber)
/ \ I love long mails: http://email.is-not-s.ms/ | http://noone.org/abe/ (Web)
Jeremy Henty
2012-10-18 17:31:04 UTC
Permalink
Post by corvid
I recompiled the https dpi today, and it no longer wanted to work.
I had upgraded slackware in recent weeks, so my openssl version has
gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all.
I think it is very unlikely to be relevant. I upgraded to 1.0.1c in
mid-August and I have rebuilt Dillo many times since then (pretty much
every time I see a commit).

Jeremy
corvid
2012-10-18 17:59:10 UTC
Permalink
Post by Jeremy Henty
Post by corvid
I recompiled the https dpi today, and it no longer wanted to work.
I had upgraded slackware in recent weeks, so my openssl version has
gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all.
I think it is very unlikely to be relevant. I upgraded to 1.0.1c in
mid-August and I have rebuilt Dillo many times since then (pretty much
every time I see a commit).
Yeah, I couldn't imagine that I wouldn't have heard of this before if it
were happening to others... I wonder what's weird about my system...
higuita
2012-10-18 21:07:18 UTC
Permalink
Hi
Post by corvid
Post by corvid
I recompiled the https dpi today, and it no longer wanted to work.
I had upgraded slackware in recent weeks, so my openssl version has
gone from 0.9.8x to 1.0.1c, which may or may not be relevant at all.
Yeah, I couldn't imagine that I wouldn't have heard of this before if it
were happening to others... I wonder what's weird about my system...
Its really your system, i'm in a slackware64 14.0 and just rebuild
latest fltk, the latest dillo, https dpi and all works fine.

Are you sure that you dont have a stale https.dpi somewhere?

Good luck
higuita
--
Naturally the common people don't want war... but after all it is the
leaders of a country who determine the policy, and it is always a
simple matter to drag the people along, whether it is a democracy, or
a fascist dictatorship, or a parliament, or a communist dictatorship.
Voice or no voice, the people can always be brought to the bidding of
the leaders. That is easy. All you have to do is tell them they are
being attacked, and denounce the pacifists for lack of patriotism and
exposing the country to danger. It works the same in every country.
-- Hermann Goering, Nazi and war criminal, 1883-1946
corvid
2012-10-18 21:35:31 UTC
Permalink
Post by higuita
Its really your system, i'm in a slackware64 14.0 and just rebuild
latest fltk, the latest dillo, https dpi and all works fine.
That's good.
Post by higuita
Are you sure that you dont have a stale https.dpi somewhere?
Yup. I don't install dillo, but rather copy the dpi manually into
~/.dillo/dpi/https/ , plus I went through a few rounds of adding
debugging info to it and seeing the effects of that info each time.
Continue reading on narkive:
Loading...