Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1051747: p11tool should use libssl3
263 views
Skip to first unread message
Philipp Marek
Sep 12, 2023, 2:10:05 AM9/12/23
to
Package: gnutls-bin
Version: 3.8.1-4+b1
Severity: normal
X-Debbugs-Cc: phi...@marek.priv.at
After removing libssl1.1:amd64=1.1.1o-1 I can't run p11tool any more:
# LD_DEBUG=libs p11tool
1708431: find library=libcrypto.so.1.0.1 [0]; searching
...
1708431: find library=libcrypto.so.1.0.0 [0]; searching
...
1708431: find library=libcrypto.so.1.0 [0]; searching
...
1708431: find library=libcrypto.so.10 [0]; searching
...
1708431: find library=libcrypto.so.1.1 [0]; searching
1708431: search path=/usr/lib (system search path)
1708431: trying file=/usr/lib/libcrypto.so.1.1
1708431: search cache=/etc/ld.so.cache
1708431: search path=/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/lib:/usr/lib (system search path)
1708431: trying file=/lib/x86_64-linux-gnu/libcrypto.so.1.1
1708431: trying file=/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
1708431: trying file=/lib/libcrypto.so.1.1
1708431: trying file=/usr/lib/libcrypto.so.1.1
1708431:
p11tool: CRYPTO/Crypto.c:355: init_openssl_crypto: Assertion `lib' failed.
https://packages.debian.org/search?searchon=contents&keywords=libcrypto.so
says that libssl-dev contains a libcrypto.so;
I've got libssl-dev:amd64 3.0.10-1 installed,
but p11tool only looks for 1.x, and 3.x is incompatible AFAIR.
(Re)installing http://snapshot.debian.org/archive/debian/20230910T024957Z/pool/main/o/openssl/libssl1.1_1.1.1v-0~deb11u1_amd64.deb
makes it work again.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.4.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnutls-bin depends on:
ii libc6 2.37-7
ii libgnutls-dane0 3.8.1-4+b1
ii libgnutls30 3.8.1-4+b1
ii libtasn1-6 4.19.0-3
gnutls-bin recommends no packages.
gnutls-bin suggests no packages.
-- no debconf information
-- debsums errors found:
debsums: can't check gnutls-bin file /usr/share/doc/gnutls-bin/changelog.Debian.amd64.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/doc/gnutls-bin/changelog.Debian.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/doc/gnutls-bin/changelog.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/certtool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/danetool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/gnutls-cli-debug.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/gnutls-cli.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/gnutls-serv.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/ocsptool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/p11tool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/psktool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/tpmtool.1.gz (Wide character in subroutine entry)
Version: 3.8.1-4+b1
Severity: normal
X-Debbugs-Cc: phi...@marek.priv.at
After removing libssl1.1:amd64=1.1.1o-1 I can't run p11tool any more:
# LD_DEBUG=libs p11tool
1708431: find library=libcrypto.so.1.0.1 [0]; searching
...
1708431: find library=libcrypto.so.1.0.0 [0]; searching
...
1708431: find library=libcrypto.so.1.0 [0]; searching
...
1708431: find library=libcrypto.so.10 [0]; searching
...
1708431: find library=libcrypto.so.1.1 [0]; searching
1708431: search path=/usr/lib (system search path)
1708431: trying file=/usr/lib/libcrypto.so.1.1
1708431: search cache=/etc/ld.so.cache
1708431: search path=/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/lib:/usr/lib (system search path)
1708431: trying file=/lib/x86_64-linux-gnu/libcrypto.so.1.1
1708431: trying file=/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
1708431: trying file=/lib/libcrypto.so.1.1
1708431: trying file=/usr/lib/libcrypto.so.1.1
1708431:
p11tool: CRYPTO/Crypto.c:355: init_openssl_crypto: Assertion `lib' failed.
https://packages.debian.org/search?searchon=contents&keywords=libcrypto.so
says that libssl-dev contains a libcrypto.so;
I've got libssl-dev:amd64 3.0.10-1 installed,
but p11tool only looks for 1.x, and 3.x is incompatible AFAIR.
(Re)installing http://snapshot.debian.org/archive/debian/20230910T024957Z/pool/main/o/openssl/libssl1.1_1.1.1v-0~deb11u1_amd64.deb
makes it work again.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.4.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnutls-bin depends on:
ii libc6 2.37-7
ii libgnutls-dane0 3.8.1-4+b1
ii libgnutls30 3.8.1-4+b1
ii libtasn1-6 4.19.0-3
gnutls-bin recommends no packages.
gnutls-bin suggests no packages.
-- no debconf information
-- debsums errors found:
debsums: can't check gnutls-bin file /usr/share/doc/gnutls-bin/changelog.Debian.amd64.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/doc/gnutls-bin/changelog.Debian.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/doc/gnutls-bin/changelog.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/certtool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/danetool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/gnutls-cli-debug.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/gnutls-cli.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/gnutls-serv.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/ocsptool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/p11tool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/psktool.1.gz (Wide character in subroutine entry)
debsums: can't check gnutls-bin file /usr/share/man/man1/tpmtool.1.gz (Wide character in subroutine entry)
Andreas Metzler
Sep 12, 2023, 12:40:04 PM9/12/23
to
On 2023-09-12 Philipp Marek via Pkg-gnutls-maint <pkg-gnut...@alioth-lists.debian.net> wrote:
> Package: gnutls-bin
> Version: 3.8.1-4+b1
> Severity: normal
> X-Debbugs-Cc: phi...@marek.priv.at
> After removing libssl1.1:amd64=1.1.1o-1 I can't run p11tool any more:
> # LD_DEBUG=libs p11tool
> 1708431: find library=libcrypto.so.1.0.1 [0]; searching
> ...
> 1708431: find library=libcrypto.so.1.0.0 [0]; searching
[..]
> Package: gnutls-bin
> Version: 3.8.1-4+b1
> Severity: normal
> X-Debbugs-Cc: phi...@marek.priv.at
> After removing libssl1.1:amd64=1.1.1o-1 I can't run p11tool any more:
> # LD_DEBUG=libs p11tool
> 1708431: find library=libcrypto.so.1.0.1 [0]; searching
> ...
> 1708431: find library=libcrypto.so.1.0.0 [0]; searching
Are you actually testing /usr/bin/p11tool as shipped by gnutls-bin?
Please doublecheck.
cu Andreas
Philipp Marek
Sep 12, 2023, 1:00:05 PM9/12/23
to
> Are you actually testing /usr/bin/p11tool as shipped by gnutls-bin?
> Please doublecheck.
I believe I do?
> Please doublecheck.
location:
$ which p11tool
/usr/bin/p11tool
no symlink or such stuff:
$ ls -al /usr/bin/p11tool
-rwxr-xr-x 1 root root 339720 6. Sep 18:26 /usr/bin/p11tool
file comes from:
$ dpkg-query -S /usr/bin/p11tool
gnutls-bin: /usr/bin/p11tool
package's files are not modified:
$ debsums gnutls-bin
/usr/bin/certtool
OK
/usr/bin/danetool
OK
/usr/bin/gnutls-cli
OK
/usr/bin/gnutls-cli-debug
OK
/usr/bin/gnutls-serv
OK
/usr/bin/ocsptool
OK
/usr/bin/p11tool
OK
/usr/bin/psktool
OK
/usr/share/doc/gnutls-bin/changelog.Debian.amd64.gz
OK
/usr/share/doc/gnutls-bin/changelog.Debian.gz
OK
/usr/share/doc/gnutls-bin/changelog.gz
OK
/usr/share/doc/gnutls-bin/copyright
OK
/usr/share/doc/gnutls-bin/examples/certtool.cfg
OK
/usr/share/man/man1/certtool.1.gz
OK
/usr/share/man/man1/danetool.1.gz
OK
/usr/share/man/man1/gnutls-cli-debug.1.gz
OK
/usr/share/man/man1/gnutls-cli.1.gz
OK
/usr/share/man/man1/gnutls-serv.1.gz
OK
/usr/share/man/man1/ocsptool.1.gz
OK
/usr/share/man/man1/p11tool.1.gz
OK
/usr/share/man/man1/psktool.1.gz
OK
/usr/share/man/man1/tpmtool.1.gz
OK
$ LC_ALL=C dpkg-query -l gnutls-bin
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=======================================
ii gnutls-bin 3.8.1-4+b1 amd64 GNU TLS library -
commandline utilities
is there something that I overlooked?
Andreas Metzler
Sep 12, 2023, 1:10:05 PM9/12/23
to
On 2023-09-12 Philipp Marek via Pkg-gnutls-maint <pkg-gnut...@alioth-lists.debian.net> wrote:
> > Are you actually testing /usr/bin/p11tool as shipped by gnutls-bin?
> > Please doublecheck.
> I believe I do?
> location:
> $ which p11tool
> /usr/bin/p11tool
[...]
> > Please doublecheck.
> I believe I do?
> location:
> $ which p11tool
> /usr/bin/p11tool
Thank you.
I suspect the culprit might be one of pkcs11 modules you are using, not
p11-toool itself.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Philipp Marek
Sep 13, 2023, 3:20:04 AM9/13/23
to
> I suspect the culprit might be one of pkcs11 modules you are using, not
> p11-toool itself.
Yeah, you're right -- thanks!
> p11-toool itself.
eToken's PKCS11 still uses 1.1, even in a current version.
0 new messages