[Bug 295336] openssh: pkcs11 is broken in new version (10.3p1)
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 295336] openssh: pkcs11 is broken in new version (10.3p1)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 16 May 2026 21:07:23 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295336
--- Comment #11 from Pouria Mousavizadeh Tehrani <pouria@freebsd.org> ---
(In reply to Dag-Erling Smørgrav from comment #9)
FYI, for now, I removed the library validation as a workaround to continue my
work.
```
diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c
index 7a7d3b8eaa0a..93671e123643 100644
--- a/crypto/openssh/ssh-pkcs11.c
+++ b/crypto/openssh/ssh-pkcs11.c
@@ -1873,10 +1873,6 @@ pkcs11_register_provider(char *provider_id, char *pin,
debug_f("provider already registered: %s", provider_id);
goto fail;
}
- if (lib_contains_symbol(provider_id, "C_GetFunctionList") != 0) {
- error("provider %s is not a PKCS11 library", provider_id);
- goto fail;
- }
/* open shared pkcs11-library */
if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
```
+ make -C secure clean && make -C secure && make -C secure install
Works for now. (disabling HAVE_NLIST works too).
It may give your a clue, but its not urgent for me for now.
--
You are receiving this mail because:
You are the assignee for the bug.