WITHOUT_OPENSSL and make delete-old
rkoberman at gmail.com
Tue Jul 14 06:51:34 UTC 2015
On Mon, Jul 13, 2015 at 4:13 PM, Brandon Allbery <allbery.b at gmail.com>
> On Mon, Jul 13, 2015 at 6:58 PM, Kevin Oberman <rkoberman at gmail.com>
>> Annoying! ssh has explicitly never used of OpenSSL. I just confirmed
>> that it still does not. It does use gssapi and kerberos, so even though it
>> makes no use of OpenSSL, it does use those two things which are not
>> actually part of OpenSSL. If you check /usr/src/crypto/openssl, there is no
>> gssapi or kerberos there. Both of these are in the heimdal sources. Looks
>> to me like WITHOUT_OPENSSL is really without a few other things but NOT
>> OpenSSL. Very weird.
> Um? On most platforms OpenSSH uses OpenSSL's libcrypto. This was a FAQ
> nearly everywhere when there was a bug in the SSL/TLS part of OpenSSL and
> OpenSSH was updated as part of it ("no, OpenSSH is not vulnerable, but it
> depends on OpenSSL's libcrypto; while that part was not buggy, it had to be
> updated at the same time as the buggy TLS part").
> brandon s allbery kf8nh sine nomine
> allbery.b at gmail.com
> ballbery at sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad
Oh, crap. I forgot that libcrypto came from OpenSSL. As Emily Littela used
to say, "Never mind".
May both Emily and Gilda rest in peace and always be remembered.
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-stable