docker build -t openssl_dtls:stretch -f Dockerfile.stretch .
docker run --rm openssl_dtls:stretchdocker build -t openssl_dtls:buster -f Dockerfile.buster .
docker run --rm openssl_dtls:buster
Created
June 25, 2019 01:18
-
-
Save feymartynov/fdfa1a9691d77f2ef9bd7468ba9b8710 to your computer and use it in GitHub Desktop.
OpenSSL DTLS problem in Debian buster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM debian:buster | |
| RUN apt-get update && apt-get install -y openssl libssl-dev gcc | |
| COPY example.c /example.c | |
| RUN gcc -I/usr/include/openssl -lssl -lcrypto -o example example.c | |
| CMD ["/example"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM debian:stretch | |
| RUN apt-get update && apt-get install -y openssl libssl-dev gcc | |
| COPY example.c /example.c | |
| RUN gcc -I/usr/include/openssl -lssl -lcrypto -o example example.c | |
| CMD ["/example"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <openssl/ssl.h> | |
| int main(int argc, char* argv) { | |
| SSL_CTX *context = SSL_CTX_new(DTLS_method()); | |
| unsigned long error_code = ERR_peek_error(); | |
| if (error_code) { | |
| char buf[512]; | |
| ERR_error_string_n(error_code, &buf, 512); | |
| printf("Error create in SSL context: %s\n", buf); | |
| return 1; | |
| } else if (!context) { | |
| printf("No error but the context is empty\n"); | |
| return 1; | |
| } else { | |
| printf("OK\n"); | |
| return 0; | |
| } | |
| } |
We can be more specific in However if openssl package is removed from apt-get install command then buster also works fine.
since I have the error message error: 14187180: SSL routines: ssl_do_config: bad value in buster
Is there a workaround to this other than
sudo apt remove openssl
?
Because I'd like to be able to use WebRTC which uses DTLS on my Raspberry Pi Zero (Buster):
https://gitlab.freedesktop.org/gstreamer/gst-examples/-/issues/35#note_865398
I guess I could just recompile the WebRTC plugin and ignore the return code, if the context is still good? It sounds like it's just a false error code left in error_code.
Is it something to do with some global set min TLS version?
This indeed works and removes openssl system version without uninstalling node and lots of other packages:
sudo dpkg -r --force-depends "openssl"
And it indeed fixes the test above! Yay! Thanks!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Buster version returns error
error:14187180:SSL routines:ssl_do_config:bad valuewhile stretch works fine.However if openssl package is removed from
apt-get installcommand then buster also works fine.