[kde-freebsd] problem with https after upgrading

Schaich Alonso alonsoschaich at fastmail.fm
Thu Dec 3 20:53:25 UTC 2015


On Thu, 3 Dec 2015 19:24:05 +0200
Andriy Gapon <avg at FreeBSD.org> wrote:

> On 03/12/2015 18:36, Andriy Gapon wrote:
> > On 03/12/2015 18:31, Andriy Gapon wrote:
> >> It seems that the problem happens here:
> >>
> >> Program received signal SIGSEGV, Segmentation fault.
> >> 0x00000008180738d9 in sk_deep_copy () from /usr/local/lib/libcrypto.so.8
> >> (kgdb) bt
> >> #0  0x00000008180738d9 in sk_deep_copy () from /usr/local/lib/libcrypto.so.8
> >> #1  0x00000008180b7552 in X509_VERIFY_PARAM_inherit () from
> >> /usr/local/lib/libcrypto.so.8
> >> #2  0x0000000818f5f96e in X509_VERIFY_PARAM_set1 (to=0x819924240, from=0x0) at
> >> /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/x509_vpm.c:209
> >> #3  0x00000008194ad8da in ssl_verify_cert_chain (s=0x8093dee80, sk=<optimized
> >> out>) at /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_cert.c:495
> > 
> > Hmm, it seems like between frames #2 and #1 the control flow jumps from the base
> > libcrypto to the libcrypto from packages.  Not sure why that happens and what
> > changed...
> > 
> 
> More analysis:
> $ ldd /usr/local/lib/kde4/kio_http.so | fgrep libcrypto
>         libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x802d8c000)
>         libcrypto.so.7 => /lib/libcrypto.so.7 (0x809ce2000)
> 
> It seems that kio_http.so is directly linked to libcrypto.so.8.
> It is also directly linked to libhx509.so.11 (from /usr/lib) which, in turn, is
> linked to libcrypto.so.7.
> 
> Hmm, so, it seems that the problem is in my local environment.  My system has
> fallen a bit behind head / CURRENT, so my OpenSSL libraries are still at version
> 7 while on the latest head they are at 8.  So, apparently kio_http has been
> linked with libcrypto.so.8 from the base on the package building machine.  But
> in my environment the base has libcrypto.so.7, so the wrong libcrypto.so.8 is
> picked up.
> 
> Sorry for the noise.
> -- 
> Andriy Gapon

It also seems your QtNetwork library is invoking ssl3 stuff, which
IIRC was patched out. The ports build of libQtNetwork.so over here does
not reference ssl23_connect at all. Do we have differing crypto support
depending on the openssl/libressl version in use?

Alonso
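
A check for the condition found in the quoted `ldd` output, as an added example that is not part of the original thread: it reads `ldd` output and reports any library that resolves under more than one soname version. The function names `find_soname_conflicts` and `sample_ldd_output` are hypothetical, and the sample input is constructed from the two `libcrypto` lines quoted above plus made-up lines for other libraries.

```shell
# find_soname_conflicts: read `ldd` output on stdin and print one line per
# library base name that is resolved under more than one distinct soname,
# e.g. libcrypto.so.7 and libcrypto.so.8 mapped into the same process.
find_soname_conflicts() {
    awk '
    $2 == "=>" {
        soname = $1
        base = soname
        sub(/\.so(\.[0-9]+)*$/, "", base)    # libcrypto.so.8 -> libcrypto
        if (!((base, soname) in seen)) {     # count each soname only once
            seen[base, soname] = 1
            count[base]++
            list[base] = list[base] " " soname "=" $3
        }
    }
    END {
        for (b in count)
            if (count[b] > 1)
                print b ":" list[b]
    }' | sort
}

# Constructed sample input: the two libcrypto lines are the ones quoted in
# the thread; the header, libhx509 and libc lines (and their addresses) are
# made up for illustration.
sample_ldd_output() {
    cat <<'EOF'
/usr/local/lib/kde4/kio_http.so:
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x802d8c000)
        libhx509.so.11 => /usr/lib/libhx509.so.11 (0x803a00000)
        libcrypto.so.7 => /lib/libcrypto.so.7 (0x809ce2000)
        libc.so.7 => /lib/libc.so.7 (0x800b00000)
EOF
}

# On a real system: ldd /path/to/module.so | find_soname_conflicts
sample_ldd_output | find_soname_conflicts
```

An empty result means every library in the listing resolves to a single soname; a reported line names each conflicting soname with the path it was loaded from.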