From nobody Sat Aug 09 14:08:23 2025 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bzjRf3rTZz64MbM for ; Sat, 09 Aug 2025 14:08:30 +0000 (UTC) (envelope-from ianfreislich@gmail.com) Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bzjRd67VRz3JlY for ; Sat, 09 Aug 2025 14:08:29 +0000 (UTC) (envelope-from ianfreislich@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=hEvwGQno; spf=pass (mx1.freebsd.org: domain of ianfreislich@gmail.com designates 2607:f8b0:4864:20::b35 as permitted sender) smtp.mailfrom=ianfreislich@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-yb1-xb35.google.com with SMTP id 3f1490d57ef6-e902849978bso2366570276.1 for ; Sat, 09 Aug 2025 07:08:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1754748504; x=1755353304; darn=freebsd.org; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=B1oUsxS3qzNDGAuxpApwayD1/knV0F55mrP8K3uCqrM=; b=hEvwGQno0In81b6by++lqybt4r3EF8YWKfOF2G7N7JOEY/zl/hFMYdE/2luJaoaEET BWHK7FXlGUJlrMLU/mHb9BJHcs0zM/yuarj2M2NKKabjDvaAjuFC587CAJZwB7uTOQwQ CjcvlESDXY8jTBQGpFskj6iP1XigvX/10gruMG3zP8j9ROfbHrb4alFBtx4tABokhpH/ /6OvSf458pDUQ3txwh6vKyhuYJNQKOFUlUH5SBKoC3GVKBCk1P3dhT4vvVPnF0xTZzJm bEpf55AyS3nQBH7xp1dOwLeSz9I5vI7QOw7ESn4P43XR+tHTxiUeyPyb+1u6rZ8OA0oS f3kQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1754748504; x=1755353304; h=content-transfer-encoding:subject:from:to:content-language :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=B1oUsxS3qzNDGAuxpApwayD1/knV0F55mrP8K3uCqrM=; b=CyEqikzLmaN+eiAmKz1nig5o9ZJj+cYJEKRSpXKUP9R6zs4xm5uhfgabjjJIeK7EuW p/JwlWB+rqg+nLRTT0ESMz0eYt9XxC6aL1VCNAce62KoKOts7YmecJgSHw/x7Ov5aOiH HWSgxOrqfJhE10BHsA54N3bQ2XQM1Ts+/6p/kIW5GJIjhHePOxpNlC0M09sF9C4yQqMe K/exBkidar+WL3gInmzlM+ezLqyvxlwBFaz6lSMPurV5izcC9kEiAhHBHCz/iTN9J/E4 SEOtVprOaMvLisoP8kYylj7JT2gTicpa2gY5Z4SHjQKaaopSDtcxLDYsJ6zQgHTEu3VZ jyrA== X-Gm-Message-State: AOJu0YwdXoRHscrHpvpuFout30YnC2F+Vth29Go6GuiAvBjm1prVdPds J3YggEsOIKiVG5XxMoOUyiO7HGYtbfjT07hllpHuAp4TZNg13unolDxUYneeXQ== X-Gm-Gg: ASbGncsaGzARS5G+oCl/dFxRVUA17Bz+hHLI1Zi2+6VaybfPjyMsIw/N12GxgbGErk1 ertFTFR1NvfW+Zb6GL9FtLaVjlnVGHecxRWS4oVN7yia+gcrQi4ZTs+nxRoybd+kr8FR5BmCxwB a2HCM2juv5gziyLNXQfk7xwC/Ifd5h+UkuG/3w5kGWalbTJ8WeVi8wjTo20NDNMl8pNfSetyrUA j1iIsh5GsdkNPZQaZ38sYCVCYySiZtmQyJGh4TMloZ4VC3otRP51V9IAcKFztZP91N6PYn4sUZU /Ht161u7Lhszstnez4MoLV5im1f4i7FIrBWbojN2/oNjnhtzegi+Tw7vAzSGF/ul+Xov3TQn5bh /EggVYNfDrf0udd/qZ/Jze5M7NVNn9Mna2jWcdZK/lwrrCDH9kKl1Byv0r3I8k4wqBmVlu2118N jA X-Google-Smtp-Source: AGHT+IEXG7Dy2iipvIRrD6vYeew65Um0d0h0jbgrB/cCkeUIHabITTL6boNHcVYFimX6SdpLgeIIpQ== X-Received: by 2002:a05:6902:120f:b0:e90:5a65:24a6 with SMTP id 3f1490d57ef6-e905a652744mr3170942276.16.1754748503741; Sat, 09 Aug 2025 07:08:23 -0700 (PDT) Received: from ?IPV6:2600:1700:18f0:6812:129a:8666:ef01:3293? ([2600:1700:18f0:6812:129a:8666:ef01:3293]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-e8fe073284fsm7527165276.21.2025.08.09.07.08.23 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 09 Aug 2025 07:08:23 -0700 (PDT) Message-ID: Date: Sat, 9 Aug 2025 10:08:23 -0400 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 User-Agent: Thunderbird Daily Content-Language: en-US To: FreeBSD Current From: Ian FREISLICH Subject: OpenSSL legacy provider is broken Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-3.99 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; RCVD_TLS_LAST(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; PREVIOUSLY_DELIVERED(0.00)[current@freebsd.org]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[current@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::b35:from] X-Rspamd-Queue-Id: 4bzjRd67VRz3JlY X-Spamd-Bar: --- Hi Previously this worked [brane] /usr/ports # openssl list -providers -provider legacy Providers: legacy name: OpenSSL Legacy Provider version: 3.0.16 status: active Since the build last night, [router] /usr/ports/net/freeradius3 # openssl list -providers -provider legacy list: unable to load provider legacy Hint: use -provider-path option or OPENSSL_MODULES environment variable. 10B045DBE7340000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_kdf_pvk_functions" 10B045DBE7340000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147: 10B045DBE7340000:error:07880025:common libcrypto routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy and freeradius doesn't start because of this: [router] /usr/ports/net/freeradius3 # radiusd -fX FreeRADIUS Version 3.2.7 ... (TLS) Failed loading legacy provider I haven't yet figured out what part of my EAP configuration needs the legacy provider. It may be that EAP just needs a working legacy provider because it looks like the EAP module unconditionally attempts to load the provider and fails. Ian