Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#53684 - [rdesktop] unable to establish connection with OpenSSL 1.1

Attached to Project: Community Packages
Opened by Mantas Mikul─Śnas (grawity) - Sunday, 16 April 2017, 11:53 GMT
Last edited by Ivy Foster (escondida) - Thursday, 10 October 2019, 22:18 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Jelle van der Waa (jelly)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

We still have one machine running Windows Server 2003 (the RDP service has TLS support enabled). With rdesktop 1.8.3-2 (openssl 1.0.x), I can connect to it...

$ rdesktop <foo>
Connection established using SSL.

...but with 1.8.3-3 (openssl 1.1) I cannot:

$ rdesktop <foo>
Connection established using plain RDP.
ERROR: Failed to extract public key from certificate
ERROR: recv: Connection reset by peer
This task depends upon

Closed by  Ivy Foster (escondida)
Thursday, 10 October 2019, 22:18 GMT
Reason for closing:  Fixed
Additional comments about closing:  upstreamfixedit
Comment by Mantas Mikul─Śnas (grawity) - Sunday, 16 April 2017, 11:59 GMT
(This being a bug report, I would like to preemptively request that you keep the kneejerk "use freerdp" and "don't use Server 2003" comments to yourselves. If we could have upgraded that particular server, we would have done so years ago.)
Comment by Doug Newgard (Scimmia) - Monday, 17 April 2017, 14:53 GMT
This is likely by design. OpenSSL 1.1 killed off a bunch of old crap that people shouldn't be using anymore.
Comment by A de Beus (mostlyharmless) - Saturday, 22 April 2017, 22:48 GMT
It may well be by design, nonetheless, for me, 1.8.3-3 states /usr/lib/libssl.so.1.1: no version information available (required etc) and /usr/lib/libcrypto.so.1.1: no version information available (etc.), reverting to 1.8.3-2 fixes the problem and I can connect. So... does that mean that rdesktop has "a bunch of old crap that people shouldn't be using anymore" ?
Comment by Thiago Coutinho (thiagoc) - Wednesday, 26 April 2017, 15:23 GMT
I'm having this problem too with a Windows Server 2012 R2.
Comment by Natrio (natrio) - Thursday, 27 April 2017, 07:44 GMT
It looks like regression.

From buggy 1.8.3-3 PGKBUILD:
> [PATCH] Fix OpenSSL 1.1 compability issues
https://git.archlinux.org/svntogit/community.git/commit/trunk?h=packages/rdesktop&id=460f84e0ef0a1fc83be253fbcb55ae4b90171f6a
Comment by Jelle van der Waa (jelly) - Monday, 08 May 2017, 19:56 GMT
It's not a regression, -3 was the OpenSSL 1.1.0, the cherry picked patches seem to cause some issues. Openssl 1.1.0 deprecated md5 ciphers for example which could be an issue. Another option is to try to compile rdesktop from git and test if it works.
Comment by Jelle van der Waa (jelly) - Saturday, 08 July 2017, 19:53 GMT
Seems what is needed is this patch: https://github.com/rdesktop/rdesktop/commit/bd6aa6acddf0ba640a49834807872f4cc0d0a773 but that doesn't apply independently.
Comment by Ben (comeandtakeit) - Friday, 18 August 2017, 14:41 GMT
A fix for this problem was merged into rdesktop/master here https://github.com/rdesktop/rdesktop/pull/125. I compiled the latest master and it works as expected. I will flag out of date and request closure of this issue.
Comment by Eli Schwartz (eschwartz) - Friday, 18 August 2017, 14:48 GMT
Please don't do that, since it is not in fact out of date until upstream tags a release. Requesting backported fixes is out of scope for that, and very much in scope for the bugtracker, and specifically this bug ticket.

Denied, a thousand times over.

Thanks for alerting us to the existence of an upstream fix.
Comment by Ivy Foster (escondida) - Thursday, 10 October 2019, 22:17 GMT
The fix no longer involves backporting: it's included in current release. Closing for real!

Loading...