Is it possible to downgrade openssl?

[Patrick Wiseman]

I have an AppImage from Creality which segfaults with a QT ssl error. Googling tells me that the latest version of OpenSSL (3.x) omits some X509 functionality, which can be found in OpenSSL-1.1. (And someone reports that installing it solves the problem.) But I can't find that package. Is there any way to revert to an earlier version of OpenSSL? I'm on an up-to-date bookworm system.

Thanks

Patrick

[Patrick Wiseman]

On Fri, Jul 28, 2023, 4:10 PM Brian <ad...@cityscape.co.uk> wrote:

Install from https://snapshot.debian.org/.

Thanks for the quick reply. I'll try that as soon as I get back to the box.

Patrick 

[Brian]

On Fri 28 Jul 2023 at 16:04:10 -0400, Patrick Wiseman wrote:

Install from https://snapshot.debian.org/.

--
Brian.

[Greg Wooledge]

Simply installing libssl1.1 is not going to change the dynamic libraries
used by installed programs.

ii libssl1.0.2:amd64 1.0.2r-1~deb9u1 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.1:amd64 1.1.1n-0+deb11u4 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.1:i386 1.1.1n-0+deb11u4 i386 Secure Sockets Layer toolkit - shared libraries
ii libssl3:amd64 3.0.9-1 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl3:i386 3.0.9-1 i386 Secure Sockets Layer toolkit - shared libraries

If a program (e.g. /usr/bin/openssl) is dynamically linked against
libssl.so.3, then it's going to use libssl3, no matter how many older
versions of libssl with different sonames are installed.

If the issue is something like "libssl3 version 3.0.8-1 works, but
version 3.0.9-1 does not" then yeah, installing an older version of
libssl3 might work around the issue.

[Eduardo M KALINOWSKI]

AppImages bundle all the libraries used by the application, so changing
the "system" version of openssl probably won't work.



--
Eduardo M KALINOWSKI
edu...@kalinowski.com.br

[debia...@howorth.org.uk]

It sounds like you need to contact Creality to update the AppImage.
Although
https://forum.manjaro.org/t/creality-slicer-appimage-not-loading-qt-network-ssl-errors/143726
suggests that the AppImage does not contain the OpenSSL library.

But the only 'omission' of X.509 functionality that I can see on
https://www.openssl.org/news/openssl-3.0-notes.html is
"X509 certificates signed using SHA1 are no longer allowed at security
level 1 or higher. The default security level for TLS is 1, so
certificates signed using SHA1 are by default no longer trusted to
authenticate servers or clients."

I'm not sure I'd want to be deliberately trying to undo a security
upgrade.

[Patrick Wiseman]

I'm sure you're right. Contacting Creality is a fool's game; they've been alerted to the problem since they released the software, so I'll just have to be patient.

Thanks to all for your suggestions.

Patrick

[Andy Smith]

Hello,

You've been handed a very effective footgun with no further
instructions. Please do not replace your system's openssl package
with an older one unless you know exactly what you are doing. In all
likelihood you will completely break your whole system. Tons of
things link to openssl.

AppImages are supposed to include the libraries they depend upon,
though I don't use them so am not sure about this, but if that is
true then I think it's unlikely that your AppImage is using the
system openssl anyway.

You really need to get support from the supplier of the package.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

[Patrick Wiseman]

I'd already reached the conclusion that messing with openssl was a bad idea. Unfortunately, Creality is unresponsive to pleas to fix their software. A Googled source claimed the problem was fixed by installation of an earlier version of openssl, but I'm glad I asked here before trying that!

I'm mostly a lurker here but always impressed with how patiently helpful y'all are.

Thanks for being here!

Cheers

Patrick

[Max Nikulin]

On 30/07/2023 05:16, Patrick Wiseman wrote:
> I'd already reached the conclusion that messing with openssl was a bad
> idea. Unfortunately, Creality is unresponsive to pleas to fix their
> software.

I have no experience with 3d printers at all, but I am curious
concerning any progress with a suggestion from another thread:

Patrick Wiseman. Re: qt.network.ssl problems (OT?) Wed, 21 Jun 2023
10:35:57 -0400.
https://lists.debian.org/msgid-search/CAJVvKsO_MubTQidcQZ+vSNkYmO=sqGhvvnO0nL...@mail.gmail.com

> Turns out that the K1 printer is Klipper under the hood and there's a
> way to hack it to gain full access (so I don't need the broken app).

[gene heskett]

Contacting Creality with a problem also nullify's any warranty you may
have thought you had. I replaced a broken plastic ejector on an E5+ with
the exact same item made of metal, from the same injection dies that
made the plastic one and that they sell. The first thing they did was
cancel the warranty on that serial number because it was a non-stock
part I had installed. They would have a cow if they knew what I'm doing
to it now.

However, An E5-S1 is the best small sub $600 printer ever. On its 3rd
roll of PETG now, its slinging great parts at me. Minor adjustments of
course but it Just Works.

>
> Thanks to all for your suggestions.
>
> Patrick
>

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/>

[Patrick Wiseman]

This is veering way off topic ... but, since you ask :)

It's true that the K1 is Klipper (one of several flavors of 3D printer software) under the hood, and I have used the hack to get to it. But Creality apparently disapproves of the hack and so has disabled it in the latest firmware. For now, I'm living with the older firmware and the very useful hack, but I might not need to do that if their software worked on my laptop. Hence my attempts to get it working. (Creality has historically been good about open source hardware and software, so I'm not sure what they're up to with this particular printer.)

Cheers

Patrick

 

[Andy Smith]

Hello,

On Sun, Jul 30, 2023 at 08:11:38AM -0400, Patrick Wiseman wrote:
> But Creality apparently disapproves of the hack and so has
> disabled it in the latest firmware.

So what I have learned from this thread is that there is a company
called Creality which:

- Supplies known-broken AppImages on devices costing hundreds of $
and then doesn't respond to support requests
- Spends time making it so that people can't replace the software
they have supplied with other software that works
- Voids warranty on said devices if they hear you have changed any
of the components, this on a device that is designed to allow
people to make things

Sounds like an absolutely shit-tier company. I hope there are
alternatives in the 3d-printing world, a world that I know almost
nothing about.

[Dan Ritter]

Andy Smith wrote:
>
> Sounds like an absolutely shit-tier company. I hope there are
> alternatives in the 3d-printing world, a world that I know almost
> nothing about.

Many, but Creality makes really cheap 3D printers, so
lots of people buy them.

-dsr-

[Patrick Wiseman]

I think it would be fairer to say that they make inexpensive 3D printers. The hardware is generally of good quality. And they just sent me a working version of the AppImage which had been segfaulting, so not entirely unresponsive (if a bit slow to respond).

Patrick