http://bugs.winehq.org/show_bug.cgi?id=30931
Bug #: 30931 Summary: Newsbin cannot connect to ssl servers Product: Wine Version: 1.5.5 Platform: x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: web@robsonfamily.co.uk Classification: Unclassified
Cannot register newsbin, or connect to any ssl servers. I have tried 1.4,1.53, pol 1.4 & 1.53 all with the same problem.
This is the error from Newsbin ERROR InterSocket - Error: SSL Negotiation Failed, Host: news.giganews.com Error: SSL Connection Failed: 5 Error 0 Success.
and from the NB support pages.( http://forums.newsbin.com/viewtopic.php?f=31&t=30453&p=185475)
#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
This is error 5. It's saying something in Wine's socket layer's dropping the ball.
http://bugs.winehq.org/show_bug.cgi?id=30931
web@robsonfamily.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |web@robsonfamily.co.uk
http://bugs.winehq.org/show_bug.cgi?id=30931
teg@djii.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |teg@djii.com
--- Comment #1 from teg@djii.com 2012-06-17 06:53:03 CDT --- I'm the author of Newsbin. Newsbin is static linked and OpenSSL is static linked into the program so, it's not dependent on any external DLL's or Wininet to establish SSL connections. Currently it's using OpenSSL openssl-1.0.0d. It opens a connection to the server, which works, and then hands the connection to OpenSSL which then tries to negotiate a secure connection. That's when the error is returned, during the SSL negotiation process.
It's not clear to me why wine would even know this is an SSL connection since it should just look like TCP traffic. It suggests to me some issue in the socket layer like some mode that OpenSSL sets (maybe async mode) which is broken.
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #2 from web@robsonfamily.co.uk 2012-06-17 08:45:29 CDT --- OK Fix Use this echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope
From here
http://www.codeweavers.com/support/wiki/linux/faq/ubuntu1204
But I don't think this is correct, it fixes the error but not the cause.
http://bugs.winehq.org/show_bug.cgi?id=30931
Bruno Jesus 00cpxxx@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |00cpxxx@gmail.com
--- Comment #3 from Bruno Jesus 00cpxxx@gmail.com 2012-06-17 10:22:34 CDT --- Just guessing but there seems to be an issue in openssl 1.0.0, if possible retry in openssl 0.98.
The links from the following link may be useful. http://bugs.winehq.org/show_bug.cgi?id=30598#c9
May be related to bug 30598.
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #4 from web@robsonfamily.co.uk 2012-06-17 12:42:14 CDT --- I tried to add this to the evernote bug but was told to open a new bug so I did. I couldn't downgrade to the previous version without it wanting to remove a load of apps.
The fact that ONLY SSL comms are affected and this change from 1 to 0 allows the comms to work, suggest that something is "snooping" on the ssl chain.
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #5 from Juan Lang juan.lang@gmail.com 2012-06-17 15:01:21 CDT --- (In reply to comment #3)
Just guessing but there seems to be an issue in openssl 1.0.0, if possible retry in openssl 0.98.
This probably isn't related, that's why I asked for a new bug report.
The reason is this: the change in openssl 1.0.0 relates to the way we use our own threading. This should only be relevant in the context of Wine-managed openssl, i.e. through its use in wininet and winhttp.
As the developer of newbin tells us, newsbin statically links its own copy of openssl. It's possible that the threading change is affecting his app when run under Wine, too, but in order to test that he'd have to produce his own build linking against openssl 0.9.8. It's also possible that the threading change in openssl is entirely unrelated, though.
In any event, all the discussion about how to fix openssl in Wine is not related to this bug.
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #6 from teg@djii.com 2012-06-17 15:47:08 CDT ---
Just guessing but there seems to be an issue in openssl 1.0.0, if possible retry in openssl 0.98.
Since Newsbin has SSL built in with no external dependencies (that I'm aware of) and it works perfectly well with this version of SSL under windows, I'm skeptical that it has anything to do with the SSL version. If it depended on Windows to handle the SSL, then I'd agres.
I guess the question is, does wine do anything different with TCP connections on SSL ports than it does with other TCP connections?
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #7 from teg@djii.com 2012-06-17 15:59:39 CDT ---
1 - If by threading change, you mean the fact that Newsbin has to supply a bunch of mutexes to OpenSSL (which did bite me on the ass). It's already implementing that change internally. OpenSSL calls up and I then generate the N mutexes it requests
2 -
OK Fix Use this echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope
The fix that makes it work is completely unrelated to SSL version. I think the real question is, how does enabling ptrace security interfere with OpenSSL under wine. Is wine using ptrace to patch the application in memory or monitor what it's doing? Is it used to implement SEH (structured exception handling) for instance?
In a nutshell, disabling ptrace security allows OpenSSL to work. That suggests that ptrace is being used to do something. I don't know anything about wine internals so I can't guess what. Why only SSL too? Why do normal TCP connections work but, SSL connections don't?
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #8 from Juan Lang juan.lang@gmail.com 2012-06-17 16:01:58 CDT --- (In reply to comment #6)
Since Newsbin has SSL built in with no external dependencies (that I'm aware of) and it works perfectly well with this version of SSL under windows, I'm skeptical that it has anything to do with the SSL version. If it depended on Windows to handle the SSL, then I'd agres.
Logically this argument doesn't follow. Things that work under Windows often don't work under Wine, so their working on Windows does not allow us to infer anything about their expected behavior under Wine. I agree that it's probably unlikely, but I know that, without investigation, we can't eliminate the possibility that the Windows version of openssl you use won't work when run under Wine.
I guess the question is, does wine do anything different with TCP connections on SSL ports than it does with other TCP connections?
No.
Welcome to the wonderful world of debugging under Wine: it's often complicated ;)
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #9 from teg@djii.com 2012-06-17 17:16:22 CDT ---
1 - If by threading change, you mean the fact that Newsbin has to supply a bunch of mutexes to OpenSSL (which did bite me on the ass). It's already implementing that change internally. OpenSSL calls up and I then generate the N mutexes it requests
2 -
OK Fix Use this echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope
The fix that makes it work is completely unrelated to SSL version. I think the real question is, how does enabling ptrace security interfere with OpenSSL under wine. Is wine using ptrace to patch the application in memory or monitor what it's doing? Is it used to implement SEH (structured exception handling) for instance?
In a nutshell, disabling ptrace security allows OpenSSL to work. That suggests that ptrace is being used to do something. I don't know anything about wine internals so I can't guess what. Why only SSL too? Why do normal TCP connections work but, SSL connections don't?
http://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #10 from Juan Lang juan.lang@gmail.com 2012-06-17 18:08:07 CDT --- (In reply to comment #9)
1 - If by threading change, you mean the fact that Newsbin has to supply a bunch of mutexes to OpenSSL (which did bite me on the ass). It's already implementing that change internally. OpenSSL calls up and I then generate the N mutexes it requests
I was going on memory, and my memory is fallible. The changes referenced in bug 30598 are related to TLS version negotation. Like you say, if this works on Windows, I don't see why it would impact the app on Wine. What I was referring to was another relatively recent change in openssl that produced a crash in another app that seemed related to threading. That's described in bug 30246. However, bug 30246 mentions that it works up to version 1.0.0.g, and your app is linked to 1.0.0.d, hence neither bug seems related to me. Sorry for the confusion.
2 -
OK Fix Use this echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope
The fix that makes it work is completely unrelated to SSL version. I think the real question is, how does enabling ptrace security interfere with OpenSSL under wine. Is wine using ptrace to patch the application in memory or monitor what it's doing? Is it used to implement SEH (structured exception handling) for instance?
In a nutshell, disabling ptrace security allows OpenSSL to work. That suggests that ptrace is being used to do something. I don't know anything about wine internals so I can't guess what. Why only SSL too? Why do normal TCP connections work but, SSL connections don't?
Yes, Wine does use ptrace to support certain Windows APIs, e.g. GetThreadContext and ReadProcessMemory. How it's related in this context is hard to guess. Some SSL connections do work, so it's not as simple as "TCP works, SSL doesn't."
A starting point might be looking at a +relay log, to see what the app was last doing prior to its point of failure. Or, since you have the source of the app, if you have a tracing mechanism within it, or can instrument it with some, that might be more efficient.
https://bugs.winehq.org/show_bug.cgi?id=30931
--- Comment #11 from Austin English austinenglish@gmail.com --- This is your friendly reminder that there has been no bug activity for two years. Is this still an issue in current (1.7.25 or newer) wine?
https://bugs.winehq.org/show_bug.cgi?id=30931
web@robsonfamily.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED
--- Comment #12 from web@robsonfamily.co.uk --- No longer an issue.
https://bugs.winehq.org/show_bug.cgi?id=30931
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #13 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.26.
-
wine-bugs@winehq.org