[bug-notifications] [openssl 0004931]: "git clone https: ..." fails: Request to upgrade OpenSSL to 1.0.0h or newer.
Mantis Bug Tracker
noreply at opencsw.org
Thu Apr 5 06:04:33 CEST 2012
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=4931
======================================================================
Reported By: zephyrus00jp
Assigned To:
======================================================================
Project: openssl
Issue ID: 4931
Category: upgrade
Reproducibility: always
Severity: major
Priority: normal
Status: new
======================================================================
Date Submitted: 2012-04-02 15:50 CEST
Last Modified: 2012-04-05 06:04 CEST
======================================================================
Summary: "git clone https: ..." fails: Request to upgrade
OpenSSL to 1.0.0h or newer.
Description:
On solaris 10, I found that
git clone https:....
failed.
To make a long story short, I tracked down this to the failure of curl
library used by git, and then this curl library seems to be failing
in openssl modules.
The following is more detailed explanation and my fiding:
serverfault.com/questions/374053/solaris-10-opencsw-git-package-issue-with-bitbucket-git-hosting
Based on some similar reports, I think it is best to
offer openssl 1.0.0h or newer, and then re-compile curl libraries (making
sure that openssl versions are used), and recompile git tools as well.
I don't know much about OpenCSW packaging and so I can't try to
recompile openssl and figure out whether upgrading helps or not.
======================================================================
----------------------------------------------------------------------
(0009793) zephyrus00jp (reporter) - 2012-04-05 06:04
https://www.opencsw.org/mantis/view.php?id=4931#c9793
----------------------------------------------------------------------
On a different LINUX PC where git clone https: ... worked,
I found that it uses OpenSSL/0.9.8o (!).
I can't see what is wrong now.
curl --version
curl 7.21.0 (i486-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.6
libidn/1.23 libssh2/1.2.6
Protocols: dict file ftp ftps http https imap imaps ldap ldaps pop3 pop3s
rtsp scp sftp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
userid at debian-vbox-userid:/extra/userid/download/repos$ ls
/usr/lib/libcurl*
/usr/lib/libcurl.so.3@ /usr/lib/libcurl.so.4@ /usr/lib/libcurl.so.4.2.0
userid at debian-vbox-userid:/extra/userid/download/repos$
all I can say is that
git invokes git -> git-remote-https -> uses curl and friends (of course,
SSL related), and then fails on Solaris.
If the binaries are not the culprit, maybe the CA-certificate data is
not quite complete? I will dig into it.
More information about the bug-notifications
mailing list