WITHOUT_OPENSSL and make delete-old

Brandon Allbery allbery.b at gmail.com
Mon Jul 13 23:13:53 UTC 2015

On Mon, Jul 13, 2015 at 6:58 PM, Kevin Oberman <rkoberman at gmail.com> wrote:

> Annoying! ssh has explicitly never used of OpenSSL. I just confirmed that
> it still does not. It does use gssapi and kerberos, so even though it makes
> no use of OpenSSL, it does use those two things which are not actually part
> of OpenSSL. If you check /usr/src/crypto/openssl, there is no gssapi or
> kerberos there. Both of these are in the heimdal sources. Looks to me like WITHOUT_OPENSSL
> is really without a few other things but NOT OpenSSL. Very weird.

Um? On most platforms OpenSSH uses OpenSSL's libcrypto. This was a FAQ
nearly everywhere when there was a bug in the SSL/TLS part of OpenSSL and
OpenSSH was updated as part of it ("no, OpenSSH is not vulnerable, but it
depends on OpenSSL's libcrypto; while that part was not buggy, it had to be
updated at the same time as the buggy TLS part").

brandon s allbery kf8nh                               sine nomine associates
allbery.b at gmail.com                                  ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net

More information about the freebsd-stable mailing list