WITHOUT_OPENSSL and make delete-old
Kevin Oberman
rkoberman at gmail.com
Tue Jul 14 06:51:34 UTC 2015
On Mon, Jul 13, 2015 at 4:13 PM, Brandon Allbery <allbery.b at gmail.com>
wrote:
> On Mon, Jul 13, 2015 at 6:58 PM, Kevin Oberman <rkoberman at gmail.com>
> wrote:
>
>> Annoying! ssh has explicitly never used of OpenSSL. I just confirmed
>> that it still does not. It does use gssapi and kerberos, so even though it
>> makes no use of OpenSSL, it does use those two things which are not
>> actually part of OpenSSL. If you check /usr/src/crypto/openssl, there is no
>> gssapi or kerberos there. Both of these are in the heimdal sources. Looks
>> to me like WITHOUT_OPENSSL is really without a few other things but NOT
>> OpenSSL. Very weird.
>>
>
> Um? On most platforms OpenSSH uses OpenSSL's libcrypto. This was a FAQ
> nearly everywhere when there was a bug in the SSL/TLS part of OpenSSL and
> OpenSSH was updated as part of it ("no, OpenSSH is not vulnerable, but it
> depends on OpenSSL's libcrypto; while that part was not buggy, it had to be
> updated at the same time as the buggy TLS part").
>
> --
> brandon s allbery kf8nh sine nomine
> associates
> allbery.b at gmail.com
> ballbery at sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad
> http://sinenomine.net
>
Oh, crap. I forgot that libcrypto came from OpenSSL. As Emily Littela used
to say, "Never mind".
May both Emily and Gilda rest in peace and always be remembered.
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-stable
mailing list