Bug 142198 - irc/xchat: Fails to build without SSLv3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Some People
Assignee: freebsd-gnome (Nobody)
Keywords: easy, needs-qa, patch
Duplicates: 203699
Reported: 2009-12-31 15:40 UTC by lordsith49
Modified: 2016-07-25 17:41 UTC

koobs: maintainer-feedback? (gnome)


Attachments
Patch for inclusion in files (826 bytes, patch)
2016-01-08 10:43 UTC, Bernard Spil
brnrd: maintainer-approval? (gnome)

Description lordsith49 2009-12-31 15:40:01 UTC
I recently updated from FreeBSD 7.2-RELEASE-p5 to 8.0-RELEASE-p1 and did
a full reinstall of all ports. After reinstalling irc/xchat, attempting to
connect to an SSL-enabled server as I had previously done resulted in the
following error:

Connection failed. Error: (336151568) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

I can connect to the same server without any problems using pidgin IRC
as well as Chatzilla on this same desktop. 

Looking through Google, a similar error with xchat occurred in Linux when
SSLv3 with newer extensions was implemented in OpenSSL 0.9.8g. The
solution was to dumb down OpenSSL so it didn't use the extension.

How-To-Repeat: Install xchat on FreeBSD 8.0-RELEASE-p1.
Attempt to connect to an SSL secured irc server.
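
Added example, not part of the original report and not xchat or OpenSSL code: the number in parentheses in the error above is the packed OpenSSL error code in decimal, and the hex field after "error:" is the same value. The C program below unpacks it with the OpenSSL 0.9.8/1.0.x field layout; reason 1040 is 1000 plus TLS alert 40 (handshake_failure), i.e. an alert received from the server. The struct and function names are made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The error line quoted in the report above. */
static const char XCHAT_ERROR[] =
    "Connection failed. Error: (336151568) "
    "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure";

#define ERR_LIB_SSL_NUM      20    /* library number of libssl */
#define SSL_AD_REASON_OFFSET 1000  /* reason = 1000 + alert number from the peer */

struct ossl_err {                  /* hypothetical name, for this example only */
    int ok;                        /* 1 if an "error:<hex>:" token was found */
    unsigned long code;            /* packed code: lib:8 | func:12 | reason:12 */
    int lib, func, reason;
    int alert;                     /* TLS alert number, -1 if not a peer alert */
};

/* Unpack a code using the OpenSSL 0.9.8/1.0.x layout (OpenSSL 3.0 differs). */
static struct ossl_err decode_code(unsigned long code)
{
    struct ossl_err e = {1, code, 0, 0, 0, -1};
    e.lib = (int)((code >> 24) & 0xffUL);
    e.func = (int)((code >> 12) & 0xfffUL);
    e.reason = (int)(code & 0xfffUL);
    if (e.lib == ERR_LIB_SSL_NUM && e.reason >= SSL_AD_REASON_OFFSET)
        e.alert = e.reason - SSL_AD_REASON_OFFSET;
    return e;
}

/* Find "error:<hex>:" in a log line and decode it; ok == 0 if absent. */
static struct ossl_err decode_error_string(const char *line)
{
    struct ossl_err bad = {0, 0, 0, 0, 0, -1};
    const char *p = strstr(line, "error:");
    char *end;
    unsigned long code;
    if (p == NULL)
        return bad;
    code = strtoul(p + 6, &end, 16);
    if (end == p + 6 || *end != ':')
        return bad;
    return decode_code(code);
}

int main(void)
{
    struct ossl_err e = decode_error_string(XCHAT_ERROR);
    printf("code=%lu lib=%d func=%d reason=%d alert=%d\n",
           e.code, e.lib, e.func, e.reason, e.alert);
    return e.ok ? 0 : 1;
}
```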
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2009-12-31 16:49:57 UTC
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Fix synopsis and assign.
Comment 2 Jeremy Messenger 2009-12-31 21:31:40 UTC
Searched in Google and found a fix in OpenSSL.

http://marc.info/?l=openssl-cvs&m=124095946021321&w=2 (0.9.8 branch w/out comment)
http://marc.info/?l=openssl-cvs&m=124095943621291&w=2 (1.0.0 branch w/ comment)

I have checked out the latest OpenSSL_0_9_8-stable branch from its CVS and
created a patch. Can you try patching your source tree with the patch
below and see if it fixes this problem for you?

http://people.freebsd.org/~mezz/diff/patch-crypto_openssl_ssl_t1_lib.c

Cheers,
Mezz


-- 
mezz7@cox.net  -  mezz@FreeBSD.org
FreeBSD GNOME Team
http://www.FreeBSD.org/gnome/  -  gnome@FreeBSD.org
Comment 3 lordsith49 2010-01-04 16:48:33 UTC
Steps I took:

cd /usr/src
patch < /path/to/patch-crypto_openssl_ssl_t1_lib.c
make buildworld

The following error occurred:
cc -O2 -pipe -march=prescott -DTERMIOS -DANSI_SOURCE -I/usr/src/secure/lib/libssl/../../../crypto/openssl -I/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto -I/usr/obj/usr/src/secure/lib/libssl -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_IDEA -DL_ENDIAN -DNO_IDEA -std=gnu99 -fstack-protector  -c /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_enc.c
cc -O2 -pipe -march=prescott -DTERMIOS -DANSI_SOURCE -I/usr/src/secure/lib/libssl/../../../crypto/openssl -I/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto -I/usr/obj/usr/src/secure/lib/libssl -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_IDEA -DL_ENDIAN -DNO_IDEA -std=gnu99 -fstack-protector  -c /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_lib.c
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_lib.c: In function 'ssl_add_clienthello_tlsext':
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_lib.c:138: error: 'struct ssl3_state_st' has no member named 'send_connection_binding'
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_lib.c: In function 'ssl_add_serverhello_tlsext':
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_lib.c:260: error: 'struct ssl3_state_st' has no member named 'send_connection_binding'
*** Error code 1

Stop in /usr/src/secure/lib/libssl.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.



Please advise.


Jonathan

Comment 4 Jeremy Messenger 2010-01-06 23:38:46 UTC
On Mon, 04 Jan 2010 10:48:33 -0600, Jonathan Call <lordsith49@hotmail.com>  
wrote:

>
> Steps I took:
>
> cd /usr/src
> patch < /path/to/patch-crypto_openssl_ssl_t1_lib.c
> make buildworld
>
> The following error occurred:
<snip>
>
>
>
> Please advise.

Ah, it means that I can't check out the latest version of the 0.9.8 branch.
So, let's follow this very same fix:

http://marc.info/?l=openssl-cvs&m=124095946021321&w=2

My other machine is on Windows 7 and I can't shut it down at the moment
(work related), so I am not able to update the patch. If you don't mind
editing the file and letting me know the result, that will be cool.

Thanks,
Mezz

Comment 5 lordsith49 2010-01-08 19:21:52 UTC
I applied that patch and after a 'make buildworld' and a 'make installworld' xchat now connects to an SSL enabled server without any errors.

Jonathan

Comment 6 Jeremy Messenger freebsd_committer 2010-01-10 16:50:55 UTC
Responsible Changed
From-To: gnome->simon

Change from ports to kern and from gnome to simon, as it's an OpenSSL bug.
Comment 7 Jeremy Messenger 2010-01-10 16:53:02 UTC
On Fri, 08 Jan 2010 13:21:52 -0600, Jonathan Call <lordsith49@hotmail.com>  
wrote:

>
> I applied that patch and after a 'make buildworld' and a 'make  
> installworld' xchat now connects to an SSL enabled server without any  
> errors.

Thanks for testing it!

Cheers,
Mezz

Comment 8 Jeremy Messenger 2010-01-10 17:07:24 UTC
Sometimes a PR isn't easy to follow up. I want to write one clean email
without trying to follow up in the PR.

I have searched in Google. I get plenty of results from Linux distros that
have the same error in different applications (not xchat alone). Most of
them have patched their OpenSSL. I have found the fix in its CVS.

http://marc.info/?l=openssl-cvs&m=124095946021321&w=2 (0.9.8 branch w/out comment)
http://marc.info/?l=openssl-cvs&m=124095943621291&w=2 (1.0.0 branch w/ comment)

I have tried to check out the latest OpenSSL_0_9_8-stable branch from its
CVS, but it changes a lot. I have gone ahead and created the very same patch
as the one committed at the URL above. Jonathan Call has tested this patch
and it works for him: xchat connects to the IRC server with SSL.

Patch:
http://people.freebsd.org/~mezz/diff/patch-crypto_openssl_ssl_t1_lib.c

It would be great if you can MFC it to FreeBSD 8.x and 7.x, if possible.
Another way, without using the patch above, is to update the OpenSSL in the
base system.

Cheers,
Mezz


Comment 9 Simon L. B. Nielsen freebsd_committer 2013-06-03 14:50:12 UTC
Responsible Changed
From-To: simon->freebsd-bugs

Send PRs which I'm unlikely to look at back to the pool.
Comment 10 Bernard Spil freebsd_committer 2016-01-08 10:39:57 UTC
*** Bug 203699 has been marked as a duplicate of this bug. ***
Comment 11 Bernard Spil freebsd_committer 2016-01-08 10:43:08 UTC
Created attachment 165250 [details]
Patch for inclusion in files

Patch taken from 203699 by cpbsdmail@gmail.com
Comment 12 Kubilay Kocak freebsd_committer freebsd_triage 2016-01-08 17:24:15 UTC
Can't be in Progress without an Assignee. Let's try to get this 6 year old bug done right.

@Lordsith, if this is still an issue for you please let us know.

I apologise that your bug report fell through the cracks.
Comment 13 Nathan Whitehorn freebsd_committer 2016-03-28 19:04:17 UTC
This is also required to connect to servers with SSLv3 disabled to address POODLE (e.g. Slack). An equivalent Debian bug is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766065
Comment 14 commit-hook freebsd_committer 2016-07-25 17:41:20 UTC
A commit references this bug:

Author: brd
Date: Mon Jul 25 17:41:16 UTC 2016
New revision: 419050
URL: https://svnweb.freebsd.org/changeset/ports/419050

Log:
  Fix connecting to servers with SSLv3 disabled to address POODLE.

  PR:		142198
  Submitted by:	lordsith49@hotmail.com, brnrd

Changes:
  head/irc/xchat/Makefile
  head/irc/xchat/files/patch-src_common_ssl.c