openssl: OpenSSL 3.0.3 fails to auto-init rng on Windows 7
curl users on Windows 7 immediately ran into problems with the bump to OpenSSL 3…0.3 as RAND_status() now returns false when expected to return true - and it worked fine in 3.0.2.
See further discussions in the curl issue https://github.com/curl/curl/issues/8849
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 2
- Comments: 31 (22 by maintainers)
Commits related to this issue
- Ignore locale creation failure It can fail on Windows 7 for example and we have the fallback to strcasecmp in place. Fixes #18322 — committed to t8m/openssl by t8m 2 years ago
- revert to openssl 3.0.2 OpenSSL 3.0.3 silently introduced an internal change that replaced str[n]icmp() with str[n]icmp_l() throughout its complete codebase on the Windows platform. The new function... — committed to curl/curl-for-win by vszakats 2 years ago
- strcasecmp: implement strcasecmp and strncasecmp Rather than relying on the locale code working, instead implement these functions directly. Fixes #18322 — committed to paulidale/openssl by paulidale 2 years ago
- strcasecmp: implement strcasecmp and strncasecmp Rather than relying on the locale code working, instead implement these functions directly. Fixes #18322 Reviewed-by: Tomas Mraz <tomas@openssl.org>... — committed to openssl/openssl by paulidale 2 years ago
- openssl 3.0.4 This reverts locale-dependent string comparisons in OpenSSL, and fixes [1] the issues [2] that triggered reverting [3] to 3.0.2 from 3.0.3 a month ago. Also: - enable ALPN support with... — committed to curl/curl-for-win by vszakats 2 years ago
- openssl-quic 3.0.4 This reverts locale-dependent string comparisons in OpenSSL, and fixes [1] the issues [2] that triggered reverting [3] to 3.0.2 from 3.0.3 a month ago. Also: - enable ALPN support... — committed to curl/curl-for-win by vszakats 2 years ago
I’m so puzzled. Is there actually ever a need for locale-aware string comparisons in a TLS library?
The Turkish locale is one (in-)famous example. I doubt that anyone of us has a complete understanding of all locale rules out there in the world.
Also, those rules may be subject to change over time, just like timezones. For an example of that, you can read on the evolution of the uppercase form of the German ß.
Like we do in curl since 2008: https://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/