FS#60235 - [bitcoin-qt] Stops while switching SSLv3 to TLS
Attached to Project:
Community Packages
Opened by Eser KUBALI (eserlxl) - Friday, 28 September 2018, 18:21 GMT
Last edited by Christian Rebischke (Shibumi) - Saturday, 09 February 2019, 13:57 GMT
Opened by Eser KUBALI (eserlxl) - Friday, 28 September 2018, 18:21 GMT
Last edited by Christian Rebischke (Shibumi) - Saturday, 09 February 2019, 13:57 GMT
|
Details
Description: After pacman -Syu, I cannot start bitcoin-qt
even from a fresh Arch Linux installation again. No log, no
error messages. Compiling from the latest source on github
gives the same result.
My Arch: KDE Plasma, 4.18.9-arch1-1-ARCH x86_64 Origin: I've found the source of the problem using gdb -> run -> CTRL+C -> bt sequence and gdb points qt/bitcoin.cpp:579. On this line, bitcoin-qt switches SSLv3 to TLS to mitigate POODLE Attack. Possible Reason: OpenSSL backward compatibility is not enough and updated OpenSSL violates BIP-70 consensus of bitcoin. Additional info: bitcoin daemon runs without any problem Affected Versions: 0.16.3+ and latest bitcoin source on github. Solution 1: Disabling Switching SSLv3 to TLS [ Causes POODLE Attack vulnerability ] I had to disable SSLv3 -> TLS code part in order to run the bitcoin-qt wallet. Disabled code part ( src/qt/bitcoin.cpp, line 579 ) 579 QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration(); 580 sslconf.setProtocol(QSsl::TlsV1_0OrLater); 581 QSslConfiguration::setDefaultConfiguration(sslconf); Solution 2: Unnecessary QT SSL version check [ Safe ] Adding an unnecessary SSL library version check at src/qt/bitcoin.cpp, on line 579 allows bitcoin-qt to run again without disabling switching SSLv3 to TLS. 579 QSslSocket::sslLibraryVersionString(); 580 QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration(); 581 sslconf.setProtocol(QSsl::TlsV1_0OrLater); 582 QSslConfiguration::setDefaultConfiguration(sslconf); Links: I've already informed bitcoin github, AUR maintainer of bitcoin-git package and Arch Linux Official Forum members. https://github.com/bitcoin/bitcoin/issues/14273 https://bbs.archlinux.org/viewtopic.php?id=240553 https://aur.archlinux.org/packages/bitcoin-git/ |
This task depends upon
Closed by Christian Rebischke (Shibumi)
Saturday, 09 February 2019, 13:57 GMT
Reason for closing: Fixed
Additional comments about closing: 0.17.1-1
Saturday, 09 February 2019, 13:57 GMT
Reason for closing: Fixed
Additional comments about closing: 0.17.1-1
I downgraded bitcoin-qt from (0.16.3-1 => 0.16.2-2). In addition, I had to downgrade boost and boost-libs ( 1.68.0-1 => 1.67.0-7 )
The downgraded bitcoin-qt also stops at the beginning.
After updating bitcoin-qt, boost and boost-libs to the latest versions, I've compiled several versions from bitcoin github source.
git clone -b "v0.xy.z" --single-branch --depth 1 https://github.com/bitcoin/bitcoin.git
0.16.2 Hangs at start, same issue
0.16.1 Hangs at start, same issue
0.16.0 Hangs at start, same issue
0.15.2 Hangs at start, same issue
This commit hit the main repo already: https://github.com/bitcoin/bitcoin/commit/2468471e13987b1be377e1b33fe9c5cdb7a7a3e3
And if you take a look on the issue page, there are lots of people backporting this commit to their own copies of the Bitcoin repo.
I downloaded the ArchLinux PKGBUILD's and modified it to apply this single patch and now my bitcoin-qt works again: https://pastebin.com/nxYTDRrt
Hope it helps to speed up a solution on our side.
bitcoin-qt 0.17.0 (broken) was released on October 3
bitcoin-qt 0.17.0.1 (broken) was released on November 6
bitcoin-qt 0.17.1 with the fix was released on December 25
bitcoin-qt 0.17.0 (broken) was packaged into the repository on January 25, two versions behind and a month after the fixed version was released.
Shibumi, what on earth is going on here???
pushed 0.17.1 now.