SSL appears to be broken in 8-STABLE/RELEASE
H. Ingow
hingow at googlemail.com
Sat Dec 19 09:29:48 UTC 2009
First my apologies for breaking the thread.
We also had this issue and tried to find an acceptable solution.
To make a long story short:
Please try to compile your application against the version of openssl
available in the ports tree.
As you already mentioned, (SA-09:15) breaks renegotiation with base system's
openssl by fixing a security issue (it actually does).
Prerequisite for the following is, of course, to install
/usr/ports/security/openssl, which will give you openssl 0.9.8l.
(You do not necessarily have to remove the base openssl.)
You may then set 'WITH_OPENSSL_PORT=YES' in /etc/make.conf
and rebuild your application(s) via the ports; they should then be
compiled correctly against the ports-version.
Or, but this will only work if your application's configure script has a
switch to set the path to ssl or openssl to the ports-openssl's location,
something like
# setenv LD_LIBRARY_PATH /usr/local/lib ## this actually may be removed after build
and configure with the appropriate option, maybe something like
# ./configure --openssl-path=/usr/local/lib
Just make sure it compiled properly.
The output of ldd should show (apart from others):
# ldd application
/app/li/cation
......
libssl.so.5 => /usr/local/lib/libssl.so.5 (0x881bc000)
libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x88200000)
. ........
For the applications we use, this works with both versions of openssl on the
same box, without any interference.
Considerations about this?
HTH
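
The ldd check described in the message above, as an added example that is not part of the original post: it flags the case where only one of libssl/libcrypto resolves to the ports location. The function name check_ssl_linkage and the sample ldd outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify where libssl and
# libcrypto resolve in ldd output. check_ssl_linkage is a hypothetical name.
PORTS_LIBDIR="/usr/local/lib"   # ports OpenSSL location named in the post

# Reads ldd output on stdin, prints one line per libssl/libcrypto entry.
# Exit status: 0 = all resolve under PORTS_LIBDIR,
#              1 = at least one resolves elsewhere or is not found,
#              2 = no libssl/libcrypto dependency seen at all.
check_ssl_linkage() {
    awk -v dir="$PORTS_LIBDIR" '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            seen++
            if ($3 == "not") { print "MISSING " $1; bad++; next }
            if (index($3, dir "/") == 1) print "PORTS   " $1 " -> " $3
            else { print "OTHER   " $1 " -> " $3; bad++ }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample inputs (not captured from a real system).
# Both libraries come from the ports tree, as in the post:
SAMPLE_PORTS='    libssl.so.5 => /usr/local/lib/libssl.so.5 (0x881bc000)
    libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x88200000)
    libc.so.7 => /lib/libc.so.7 (0x88350000)'
# Mixed linkage: libssl from ports, libcrypto from elsewhere:
SAMPLE_MIXED='    libssl.so.5 => /usr/local/lib/libssl.so.5 (0x881bc000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x88200000)'
# No SSL dependency at all:
SAMPLE_NONE='    libc.so.7 => /lib/libc.so.7 (0x88350000)'

# Usage on a real binary:
#   ldd /path/to/application | check_ssl_linkage
```

Run it in the environment the application will actually start in (with LD_LIBRARY_PATH unset if it was only set for the build), since ldd resolves library paths using the current environment.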