Hi, might be missing something here, but if OpenSSL integrated their fix
across all versions, what is holding Jammy from getting a new package
with this fix?
Is it just an issue of time for testing it? Or is it something that is
missing?
--
You received this bug notification because you are a me
Tested libssl1.1_1.1.1f-1ubuntu2.10_arm64.deb on an arm64 setup with
older wget installed (1.20.3-1ubuntu1), and PKA engine (1.3) configured
with debug prints.
OpenSSL indeed loaded the PKA engine only once, causing wget to work as
expected even without wget's patch against loading the engines onl
The wget package that was tested and approved on our setup (using PKA
1.3 engine) is the one you declared above - 1.20.3-1ubuntu2. The tests
were basic functionality tests for wget, including debugging to verify
that the engine is loaded exactly once.
Same for curl (exactly the same procedure).
-
following my request, OpenSSL just integrated a fix to avoid loading an
engine twice even if the configuration is parsed more than once:
https://github.com/openssl/openssl/commit/9b06ebb1edfddffea083ba36090af7eb7cad207b
Integrating this patch in the existing OpenSSL 1.1.1 package (or at
least pack
Loading the configuration only once will resolve this issue, and is the
recommended code fix.
On top of this bug fix, and as mentioned above, we recommend that future
versions will incorporate an API change that will shift the ownership on
releasing the pointers to the engine that allocated them o
While trying to understand why a fix in PKA that guards against multiple
destroys (https://github.com/Mellanox/pka/pull/37/files) didn't bypass
this issue, I found the following.
bind() operation of engines is expected to populate the pmeths and
ameths of an existing engine (https://github.com/gos
Hi,
Sorry for interrupting your thread, this bug has been prioritized on our
end (I work at NVIDIA) so I joined the triaging effort and I believe I
found the root cause for the crash. For the record, I used wget, but it
behaves the same to curl.
First of all, it seems that it isn't that far off f
7 matches
Mail list logo
