Comment 3 for bug 1144408

Stefan Huehner (stefan-huehner) wrote :

Hello,

We've noticed the same problem and I can add some information.

The issue happens when connecting with curl using the lucid version of libssl0.9.8 (version: 0.9.8k-7ubuntu8.14) connecting to i.e. a precise server using libssl1.0.0 (version: 1.0.1-4ubuntu5.8).

Just a few days ago someone posted a patch upstream to the libssl-dev mailing list [1]. However, there's no reply there yet.

I just finished testing this patch by applying it on top of the lucid version, and doing that I can successfully connect to the precise system using https again.

So functionally that fixes the problem for me.

As the patch has not been reviewed yet we only compiled a patched libssl and are using it only for the failing curl invocation to avoid system-wide side-effects.

In case it is useful for anyone:
apt-get build-dep libssl0.9.8
cd openssl-0.9.8
patch -p1 < 0001-Fix-handling-of-warning-level-alerts-in-SSL23-client.patch
debuild -us -uc -b

can be used to provide a patched libssl0.9.8.

Note: the patch applies fine with some fuzz, ignoring rejects for the CHANGES file.

I would be very happy to see patched libssl packages for lucid when possible, to be able to remove the locally patched version again.

[1] http://marc.info/?l=openssl-dev&m=136760073921954&w=2