Bug 22615 - Cisco's implementation of the DTLS protocol
Summary: Cisco's implementation of the DTLS protocol
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: openssl
Version: unstable
Hardware: all Linux
Importance: P3 normal
Assignee: Gleb F-Malinovskiy
QA Contact: qa-sisyphus
Reported: 2009-12-24 20:10 MSK by Alexey Shabalin
Modified: 2010-01-08 21:26 MSK

Description Alexey Shabalin 2009-12-24 20:10:23 MSK
For openconnect package:

Cisco's implementation of the DTLS protocol unfortunately does not
comply with the relevant standards. We need some patches to OpenSSL to
be compatible with it.

For the 0.9.8 branch of OpenSSL, the required patch is
        http://cvs.openssl.org/chngview?cn=18037

This was included in OpenSSL CVS in April 2009 and should be in the
next release from the 0.9.8 branch, which will presumably be 0.9.8l.
OpenSSL 1.0.0-beta2 and later require no patching; all the required
support is already present.

PS: 05-Nov-2009 OpenSSL 0.9.8l is now available
Comment 1 Dmitry V. Levin 2009-12-25 04:43:08 MSK
(In reply to comment #0)
> For openconnect package:
> 
> Cisco's implementation of the DTLS protocol unfortunately does not
> comply with the relevant standards. We need some patches to OpenSSL to
> be compatible with it.
> 
> For the 0.9.8 branch of OpenSSL, the required patch is
>         http://cvs.openssl.org/chngview?cn=18037
> 
> This was included in OpenSSL CVS in April 2009 and should be in the
> next release from the 0.9.8 branch, which will presumably be 0.9.8l.
> OpenSSL 1.0.0-beta2 and later require no patching; all the required
> support is already present.
> 
> PS: 05-Nov-2009 OpenSSL 0.9.8l is now available

Unfortunately, 0.9.8l was released as 0.9.8k with just one change (the so-called CVE-2009-3555 fix), without any of the changes available in the OpenSSL_0_9_8-stable branch at that time.

I've just fetched and pushed this change, please test:
http://git.altlinux.org/people/ldv/packages/?p=openssl.git;a=commit;h=ef8799678b107be51606d940a751fa6c3eaeb0b1
Comment 2 Alexey Shabalin 2009-12-25 13:52:07 MSK
> I've just fetched and pushed this change, please test:
> http://git.altlinux.org/people/ldv/packages/?p=openssl.git;a=commit;h=ef8799678b107be51606d940a751fa6c3eaeb0b1

openconnect built successfully.
I will check that it works later.
Thanks.
Comment 3 Repository Robot 2010-01-08 21:26:51 MSK
openssl098-0.9.8l-alt4 -> sisyphus:

* Fri Jan 08 2010 Dmitry V. Levin <ldv@altlinux> 0.9.8l-alt4

- Built for target linux-generic32 on ARM.
- Applied upstream crypto/{md5,sha1} build fixes (by Evgeny Sinelnikov
  and Kirill A. Shutemov).
- Applied upstream compatibility patch for Cisco VPN client DTLS
  (closes: #22615).