Qpopper and openssl on FreeBSD 11.x

Doug Hardie bc979 at lafn.org
Sat Feb 17 03:22:42 UTC 2018

I have encountered an interesting situation while trying to resolve a PR on qpopper.  I am unable to build qpopper on 11.1 (and probably 11.0) because the openssl function SSLv3_server_method has been removed.  I can see where the SSLv2 functions are disabled in ssl.h, but the SSLv3 functions appear that they should be there.  nm on libssl shows they are there.  Clang's linker can't link to them.  One of the qpopper users' indicates that the problem does not exist on 10.4.  I believe the loss of the SSLv3 methods is a bug and have filed Bug report.

Resolution of that PR will obviously take some time.  The question at hand is what to do in the meantime. I am guessing the packages must be built on 10.x or there would be a report of the problem.  I can easily change the code, via a patch, to use SSLv23_server_method in all cases, or the preferred TLSv1_server_method.  That will eliminate the options to restrict qpopper to SSLv2 or SSLv3.  This does not appear to be an issue for those running 11.x.  However, it is for those using 10.x and earlier.  Given the security issues today, I can't imagine anyone wanting to use those options, but it is possible someone is using them.  Switching to the TLSv1_server_method will remove that capability for them.  

-- Doug

More information about the freebsd-ports mailing list