WITHOUT_OPENSSL and make delete-old

Brandon Allbery allbery.b at gmail.com
Mon Jul 13 23:13:53 UTC 2015


On Mon, Jul 13, 2015 at 6:58 PM, Kevin Oberman <rkoberman at gmail.com> wrote:

> Annoying! ssh has explicitly never used OpenSSL. I just confirmed that
> it still does not. It does use gssapi and kerberos, so even though it makes
> no use of OpenSSL, it does use those two things which are not actually part
> of OpenSSL. If you check /usr/src/crypto/openssl, there is no gssapi or
> kerberos there. Both of these are in the heimdal sources. Looks to me like WITHOUT_OPENSSL
> is really without a few other things but NOT OpenSSL. Very weird.
>

Um? On most platforms OpenSSH uses OpenSSL's libcrypto. This was a FAQ
nearly everywhere when there was a bug in the SSL/TLS part of OpenSSL and
OpenSSH was updated as part of it ("no, OpenSSH is not vulnerable, but it
depends on OpenSSL's libcrypto; while that part was not buggy, it had to be
updated at the same time as the buggy TLS part").

-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b at gmail.com                                  ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net


More information about the freebsd-stable mailing list