[pkg-lighttpd] Bug#609124: Recent openssl upgrade breaks lighttpd (won't start)
Arno Töll
debian at toell.net
Thu Jan 6 22:09:21 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I couldn't reproduce this for my test setup.
test7:~# grep -rH "ssl" /etc/lighttpd/conf-enabled/
/etc/lighttpd/conf-enabled/10-ssl.conf:## Documentation:
/usr/share/doc/lighttpd-doc/ssl.txt
/etc/lighttpd/conf-enabled/10-ssl.conf:##
http://www.lighttpd.net/documentation/ssl.html
/etc/lighttpd/conf-enabled/10-ssl.conf: ssl.engine
= "enable"
/etc/lighttpd/conf-enabled/10-ssl.conf: ssl.pemfile
= "/etc/lighttpd/server.pem"
test7:~# dpkg -l | grep -E "(lighttpd|ssl)"
ii libssl0.9.8 0.9.8g-15+lenny11 SSL
shared libraries
ii lighttpd 1.4.19-5+lenny1 A
fast webserver with minimal memory footpri
ii openssl 0.9.8g-15+lenny11
Secure Socket Layer (SSL) binary and related
test7:~# netstat -lntp | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:*
LISTEN 2370/lighttpd
While Lenny's code version does indeed [2] contain the buggy line that
has been fixed upstream [1] and in Squeeze's package, this does not seem
to apply for Lenny as well for some reasons (and/or configurations).
Indeed a "openssl s_client" does work as well.
test7:~/lighttpd-1.4.19# apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://security.debian.org lenny/updates/non-free Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=non-free
origin security.debian.org
500 http://security.debian.org lenny/updates/contrib Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=contrib
origin security.debian.org
500 http://security.debian.org lenny/updates/main Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
origin security.debian.org
500 http://ftp.de.debian.org lenny/non-free Packages
release v=5.0.7,o=Debian,a=stable,l=Debian,c=non-free
origin ftp.de.debian.org
500 http://ftp.de.debian.org lenny/contrib Packages
release v=5.0.7,o=Debian,a=stable,l=Debian,c=contrib
origin ftp.de.debian.org
500 http://ftp.de.debian.org lenny/main Packages
release v=5.0.7,o=Debian,a=stable,l=Debian,c=main
origin ftp.de.debian.org
Pinned packages:
Could you provide more information, e.g. your SSL configuration?
[1] http://redmine.lighttpd.net/attachments/1095/08-ssl-retval-fix.patch
[2] excerpt from src/network.c:
333 if (!s->ssl_use_sslv2) {
334 /* disable SSLv2 */
335 if (SSL_OP_NO_SSLv2 !=
SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) {
336 log_error_write(srv, __FILE__,
__LINE__, "ss", "SSL:",
- --
with kind regards,
Arno Töll
GnuPG Key-ID: 0x8408D4C4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJNJj2QAAoJELBdpXvEXpo9v7QP/RQbddi9IaU35ROraFpfJfRj
WfDull/JKRQBBAtYBvXzR9TAn9De6AmqPvmzHYidQ8okva8mLJ9vxjv40oXLs637
kVYjLPYOQzTt2mzdDTHlUtLsqFlEHFdk7TWyMzyWCr0VOXuBl3HM0A9Ch+dYxTMw
PuyhrcLhcbntAB9LcdJ2mnzhV6G3n7FaMrp2T2Xvyg0acGXQaDgtrom7C6phqrH8
6vMLdZSmFUC+qREoEhVCghPGHBOACoxhIZ+0yfKzVZH7AxBD1E0o67WHyWoUDFSS
hS3zezSZW0Z5vaqKkgh6pTFV1dAb+4qitjexxcxzfHV6q616e4LNtXGGP/XjG/ad
bAh+Ae3rh8oBWvw0T8aGK2LEM6LMQKHEe28Z3gFHiYeOsYGmiGS69L/vj5vWin0m
dX5mfk8mWhNWdTegzFlis7usoD05FKx7BrLgWtaO3/H+qZjYZ7R9odQhQRiIBZ1e
01LgAfMiYGcnl7S18xy9pVnlAPLce1G1vgz+Bc3EGUuoYTu1BmqV5rvWwcM7RHwx
OVAW5Mzzgt6Rh9RLnpMiHfTRhOqBpTdQEXyK7YTUpMZjmXW+QP8QoloZmd7AoVkj
IkoZub8VIXI22A4pieqm44wshN10CWBQWkFB81jLipEpPfXbZGob1HZ3Dg6dHsGv
JEIA6mUyTCgJvNU/yK7J
=Yh7L
-----END PGP SIGNATURE-----
More information about the pkg-lighttpd-maintainers
mailing list