Re: OpenSSL legacy provider is broken

Reply: Cy Schubert : "Re: OpenSSL legacy provider is broken"
In reply to: Ian FREISLICH : "OpenSSL legacy provider is broken"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Enji Cooper (yaneurabeya) <yaneurabeya_at_gmail.com>
Date: Sun, 10 Aug 2025 02:32:39 UTC

> On Aug 9, 2025, at 7:08 AM, Ian FREISLICH <ianfreislich@gmail.com> wrote:
> 
> Hi
> 
> Previously this worked
> 
> [brane] /usr/ports # openssl list -providers -provider legacy
> Providers:
>  legacy
>    name: OpenSSL Legacy Provider
>    version: 3.0.16
>    status: active
> 
> Since the build last night,
> 
> [router] /usr/ports/net/freeradius3 # openssl list -providers -provider legacy
> list: unable to load provider legacy
> Hint: use -provider-path option or OPENSSL_MODULES environment variable.
> 10B045DBE7340000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_kdf_pvk_functions"
> 10B045DBE7340000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
> 10B045DBE7340000:error:07880025:common libcrypto routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy
> 
> and freeradius doesn't start because of this:
> 
> [router] /usr/ports/net/freeradius3 # radiusd -fX
> FreeRADIUS Version 3.2.7
> ...
> (TLS) Failed loading legacy provider
> 
> I haven't yet figured out what part of my EAP configuration needs the legacy provider. It may be that EAP just needs a working legacy provider because it looks like the EAP module unconditionally attempts to load the provider and fails.