From: Cy Schubert
To: Gleb Smirnoff
cc: Cy Schubert, Rick Macklem, freebsd-current@freebsd.org
Subject: Re: heimdal -> MIT kdc migration
Date: Tue, 02 Sep 2025 21:53:47 -0700
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

Gleb Smirnoff writes:
> On Tue, Sep 02, 2025 at 09:37:14PM -0700, Cy Schubert wrote:
> C> I think the problem is with OpenSSL 3.5. With the legacy provider loaded in
> C> OpenSSL 3.5 I get,
> C>
> C> test3# openssl list -providers
> C> Providers:
> C>   default
> C>     name: OpenSSL Default Provider
> C>     version: 3.5.1
> C>     status: active
> C> test3#
> C>
> C> Whereas in 3.0 I get,
> C>
> C> bob# openssl list -providers
> C> Providers:
> C>   default
> C>     name: OpenSSL Default Provider
> C>     version: 3.0.16
> C>     status: active
> C>   legacy
> C>     name: OpenSSL Legacy Provider
> C>     version: 3.0.16
> C>     status: active
> C> bob#
> C>
> C> Some symbol must be missing.
>
> The provider is no longer enabled by default in 3.5. You need a couple more
> lines in /etc/ssl/openssl.cnf.
> This page has some examples:
>
> https://www.practicalnetworking.net/practical-tls/openssl-3-and-legacy-providers/

Those lines are already in my openssl.cnf.

...
[provider_sect]
default = default_sect
lagacy = legacy_sect
...
[default_sect]
# activate = 1
activate = 1

[legacy_sect]
activate = 1

>
> You also need CURRENT after b370fb00c89e9182f650943902a008f0c60883d6.

I'm running CURRENT as of this morning. Works on the machine itself but not
in the jail I'm testing in.

Ok, there's something amiss with my jail. The server itself produces the
correct output.

-- 
Cheers,
Cy Schubert
FreeBSD UNIX: Web: https://FreeBSD.org
NTP: Web: https://nwtime.org

e**(i*pi)+1=0
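
Added example (not part of the original message, and not FreeBSD or OpenSSL project code): a small Python checker for the provider section of an openssl.cnf. OpenSSL takes each key in the providers section as the provider's name unless the target section sets identity, so the checker reports keys that are neither built-in provider names nor backed by a module path. The sample is constructed from the snippet as posted above; the openssl_conf and [openssl_init] lines are assumed, since the message elides them.

```python
import re

# Provider names shipped with OpenSSL 3.x; other names need a loadable module.
BUILTIN = {"default", "legacy", "base", "fips", "null"}

def parse_cnf(text):
    """Parse a small openssl.cnf subset: [section] headers and key = value."""
    sections, current = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if m := re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line):
            current = m.group(1)
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            sections.setdefault(current, {})[key] = value
    return sections

def audit_providers(text):
    """Return (provider_name, activated, note) for each configured provider."""
    cnf = parse_cnf(text)
    init = cnf.get(cnf.get("", {}).get("openssl_conf", ""), {})
    plist = cnf.get(init.get("providers", ""), {})
    report = []
    for key, section in plist.items():
        body = cnf.get(section, {})
        name = body.get("identity", key)   # key is the name unless overridden
        note = "ok"
        if section not in cnf:
            note = "section missing or empty"
        elif name not in BUILTIN and "module" not in body:
            note = "not a built-in provider name and no module path"
        report.append((name, "activate" in body, note))  # presence check only
    return report

# Constructed sample modelled on the snippet in the message (first three lines assumed).
SAMPLE = """\
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
lagacy = legacy_sect
[default_sect]
# activate = 1
activate = 1
[legacy_sect]
activate = 1
"""
if __name__ == "__main__":
    print(*audit_providers(SAMPLE), sep="\n")
```

Running the same check inside the jail and on the host against each environment's own /etc/ssl/openssl.cnf shows whether the two are reading the same provider configuration.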