Results 1 to 3 of 3

Thread: sles 11sp1 lbopenssl patch in error, stunnel stops working

Hybrid View

  1. #1

    Angry sles 11sp1 lbopenssl patch in error, stunnel stops working

    Crossposted from Suse networking, same thread:
    Maybe this is the right forum

    I am using stunnel as an encryption tool for telnet sessions. access via windows stunnel clients (various versions of stunnel)
    is checked by checking for a client certificate (verify=3)

    On 18th of July Suse did an patch for libopenssl which upgraded libopenssl0_9_8 (0.9.8j-0.38.1) to libopenssl0_9_8 (0.9.8j-0.44.1)

    After this update stunnel 4.36-0.6.1 stopped working, no more tunnels could be opended
    Reverting to the previous libopenssl version 0.38.1 cured the error.

    I posted the error on the suse support page ( report error ) but until now there was no patch for stunnel or libopenssl

    /etc/mcstunnel.config:
    client = no
    pid = /var/run/stunnel.pid
    debug = 7
    chroot = /var/lib/stunnel
    setuid = stunnel
    setgid = nogroup
    output = /var/run/stunnel.log
    libwrap=yes
    verify = 3
    CApath = /certs
    cert = /etc/stunnel/stunnel.pem
    [telnet]
    accept = 11111
    connect = telnetserver:23

    I got an automatic reply yesterday
    "It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply. .... "

    So I post it here. Maybe I get hers some reaction from suse.

    My problem is still open, I posted this here because Suse did make no attempt to correct their error.
    I do not know if this is the correct thread, but I hoped for some corrective action.

    I have a maintainance contract with Suse for 25 servers, but only for the download of patches.
    I think they will look at the error only if I have a support contract which costs a lot more.
    I can help myself but it is tedious to manually block patches.

    I have this error since 18th of july when suse introduced an erroneous libopenssl patch.
    I posted the error on the suse support page ( report error ), but it is indicated there,
    that they will not be able to report back a reaction. I still wait for a stunnel or libopenssl
    patch over the suse patch notification.

    I can circumvent it by prohibiting installation of the libopenssl update, but that is tedious,
    because it means manual intervention at any installation of patches.

    If they make an erroneous patch and I report it back to them I expect to have an error
    correction ready after 45 days. But I think they put my error report in the trash bin

  2. #2
    ab NNTP User

    Re: sles 11sp1 lbopenssl patch in error, stunnel stops working

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    See reply in your original thread:

    http://forums.suse.com/showthread.php?t=1429

    Good luck.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.19 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

    iQIcBAEBAgAGBQJQQKTUAAoJEF+XTK08PnB5YBsP/Al7NtuqOUyOsRjybKOd8hKG
    L4GoxRY5kv6PfgBcmWDshXNcA3psLtHYpkTpD9feJuKKqFDkeS 4reCr0FakmrWyr
    9ZmhSbOZf9xGCyD64JfEWYdLU3E0iMAPYw1HQOBo+I4YTKZ/9bSkOT/fyvO3Rk3J
    hHj6yeLJktuRXxAZbNDidkdsyKrQXH/jSqmWQm1r5wt0gNHd1hUsFHw/U3rnfvyT
    AVrsJOf+mglWPXEfbD4/Tehw50vVNEUIbVj8Glnv1IHO9s2UKZFXWL/DzeBvxAGg
    E98mOe95Jk/U/tbWiWVwsBvlfZK0PyyQTGKq7Zyd/5a2f/CwAm2DgDCN6LRMMnBu
    qj212FVilDYgyrYpv7/LUtBcn1OVk8JlZvdK9l8KsPNi61G+mSLRNFRAuY53b4Yp
    AKeLFVe3BQxAieMXNQ8pju4ZZv64FdENOqQP7fUWLhE6XXWxNs HOJdiwEaFKShmh
    1YGNnJsg2xTbnBAScsNq3S6+p3Ile+Fs9u2COR81/M5Jdi9e0HRrShCN910MSiMc
    zrFIJb1h/R+iRPeJN8pFYOiqtoQ4t98islKJ5uOoYcIYOOOE1G5xHmaKlRl 30AsR
    Q+Q+NHtaCX3mrgUlxFAz+4NQgbt0ryCfd8jWhWTlp9ftbSIsQX iml1Ah69bRoR76
    eSAzh1kNByf5stbohOcX
    =RK99
    -----END PGP SIGNATURE-----

  3. #3

    Re: sles 11sp1 lbopenssl patch in error, stunnel stops worki

    On 20120901 suse released a recommended update for stunnel 6726 ( stunnel-4.36-0.10.1.x86_64.rpm )
    This solves the problem for sles 11 SP2 and we can again apply the current libopenssl patches.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •