openssl version - how to verify

Robert Bonomi bonomi at
Fri Nov 19 20:56:34 UTC 2010

> From owner-freebsd-questions at  Mon Nov 15 09:38:53 2010
> Date: Mon, 15 Nov 2010 18:40:27 +0300
> From: c0re <nr1c0re at>
> To: FreeBSD <freebsd-questions at>
> Subject: Re: openssl version - how to verify
> 2010/11/15 Jerry <freebsd.user at>:
> There are still too many broken ports with openssl from ports, I do
> not like debug it and really like to use base openssl, almost no
> difference.
> But I just want to have some proves that base system openssl has
> security patches because 7.3-RELEASE base openssl is 0.9.8e, but
> 0.9.8e has got security vulnerabilities. But how can I be sure that
> freebsd base system with 0.9.8e version does not have any
> vulnerabilities?

_authoritative_ answer: You _cannot_.

Statement rationale:
   "The number of discovered bugs in any system is a finite number.
    The number of _UNDISCOVERED_ bugs, on the other hand, is an infinite one.
    By definition."

More information about the freebsd-questions mailing list