Re: OpenSSL legacy provider is broken

In reply to: Lexi Winter : "Re: OpenSSL legacy provider is broken"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Sun, 10 Aug 2025 13:01:49 UTC

In message <aJiDZ6w1Od82CYzj@freefall.freebsd.org>, Lexi Winter writes:
> 
>
> --Q2wvLRJhf1H6uSmE
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> Cy Schubert:
> > This looks like it's due to MIT KRB5 in 15. The HEIMDAL option needs to b=
> e=20
> > replaced with a BASE option and BASE should test for MIT KRB5 or HEIMDAL =
> by=20
> > looking at which kdc (kdc for Heimdal or krb5kdc for MIT) is installed.
>
> no, don't do that: the kdc is an optional component that may not be
> installed when building ports, so you can't distinguish between base
> Kerberos versions that way.
>
> see https://reviews.freebsd.org/D51841 for a better way to do this.

Sorry, I didn't see that revision. I committed e38b33060387 last night 
after a couple of poudriere build failures here.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e**(i*pi)+1=0