sendmail broken by libssl in current
Gregory Shapiro
gshapiro at freebsd.org
Wed Mar 11 16:15:54 UTC 2015
First, thank you Philip for jumping on this. Much appreciated.
> This wonderful change (cough) to include SSL_OP_TLSEXT_PADDING in
> SSL_OP_ALL was addressed in sendmail 8.15.1, which explicitly removes
> SSL_OP_TLSEXT_PADDING from the default ClientSSLOptions value if that
> #define exists. I believe Greg is working on importing that to FreeBSD.
sendmail 8.15.1 is imported into the vendor area but not merged due to an incompatible change that is being moved into a run-time configuration variable in 8.15.2. Rather than expose the FreeBSD populate to the churn from that change, I am skipping 8.15.1 and will import 8.15.2.
That being said, I can certainly make the local fix that Philip mention to take care of the padding issue. Is the new libssl in 11-CURRENT going to be/already been MFC'ed to other branches?
More information about the freebsd-security
mailing list