From: Rainer Hurling
Reply-To: Rainer Hurling
Date: Mon, 3 Jul 2023 15:27:52 +0200
Subject: Re: OpenSSL 3.0 is in the tree
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On 29.06.23 at 18:27, Pierre Pronchery wrote:
>         Hi Guido, freebsd-current@,
>
> On 6/29/23 15:14, Guido Falsi wrote:
>> On 24/06/23 16:22, Ed Maste wrote:
>>> Last night I merged OpenSSL 3.0 to main. This, along with the update
>>> to Clang 16 and other recent changes may result in some challenges
>>> over the next few days or weeks for folks following -CURRENT, such as
>>> ports that need to be updated or unanticipated issues in the base
>>> system.
>>>
>>> We need to get this work done so that we can continue moving on with
>>> FreeBSD 14; I apologize for the trouble it might cause in the short
>>> term. Please follow up to report any trouble you encounter.
>>
>> Not sure where to ask this, following up to this announcement looks
>> like a reasonable choice.
>>
>> After updating head to this version I have had some ports provided
>> software fail with messages including: "Unable to load legacy provider."
>>
>> Most of the time I am able to work around it by forcing newer
>> algorithms via some configuration. Some other times I have no direct
>> control of what is being asked (like values hardcoded in npm modules).
>>
>> This is also happening to me with node, for example, has happened with
>> RDP (looks like Windows by default prefers RC4 for RDP sessions),
>> where I was able to fix it though.
>>
>> Question is, does FreeBSD provide this legacy provider module? Or is
>> it available via ports or some other solution? Or maybe it can be
>> provided via a port? Would make the transition much easier!
>
> The legacy provider module is part of OpenSSL 3.0, it should be
> installed in /usr/lib/ossl-modules/legacy.so alongside fips.so as part
> of the base system.
>
> It's possible that some programs leveraging capsicum will fail to load
> it, if the initialization of legacy algorithms in OpenSSL is performed
> past entering capabilities mode (since it now requires a dlopen() to
> access the module).
>
> Let me know if you have any additional details regarding issues with the
> module.
>
> HTH,

If this thread is not the appropriate one for my problem, I apologize.

I am the maintainer of the graphics/qgis port. Now that my system
14.0-CURRENT is updated to clang16 and OpenSSL-3.0, I get the following
abort message when starting qgis:

#qgis
Failed to load Legacy provider

Apparently there is now also a problem with the legacy provider here. As
I understand it, QGIS uses the port devel/qca for authorization and
encryption, so it is also possible that devel/qca is not able to provide
the legacy provider. Therefore I have taken kde@ into CC.

Please let me know if you need more information or some testing.

Thanks for your work,
Rainer
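
A triage sketch for the "Failed to load Legacy provider" error discussed in this thread, added here as an example; it is not part of any message above and not FreeBSD or OpenSSL project code. The function names are hypothetical, an `openssl` binary in PATH is assumed, and `legacy.so` is the module name given in the quoted reply.

```shell
#!/bin/sh
# Triage for "Failed to load Legacy provider" under OpenSSL 3.0 (added example).
# Function names are hypothetical; legacy.so is the module named in the thread.

# Pull the directory out of `openssl version -m` output,
# e.g.  MODULESDIR: "/usr/lib/ossl-modules"
modules_dir_from() {
    printf '%s\n' "$1" | sed -n 's/^MODULESDIR: "\(.*\)"$/\1/p'
}

# OPENSSL_MODULES, when set, overrides the built-in module directory.
effective_modules_dir() {
    if [ -n "${OPENSSL_MODULES:-}" ]; then
        printf '%s\n' "$OPENSSL_MODULES"
    else
        modules_dir_from "$1"
    fi
}

# Classify the legacy module in a directory: present | unreadable | missing
legacy_module_status() {
    if [ ! -e "$1/legacy.so" ]; then echo missing
    elif [ ! -r "$1/legacy.so" ]; then echo unreadable
    else echo present
    fi
}

# Ask the openssl CLI to load both providers; the exit status is the answer.
cli_can_load_legacy() {
    openssl list -providers -provider default -provider legacy >/dev/null 2>&1
}

triage() {
    command -v openssl >/dev/null 2>&1 || { echo "no openssl in PATH"; return 2; }
    dir=$(effective_modules_dir "$(openssl version -m 2>/dev/null)")
    [ -n "$dir" ] || { echo "no MODULESDIR reported (not OpenSSL 3.x?)"; return 2; }
    state=$(legacy_module_status "$dir")
    echo "modules dir: $dir (legacy.so: $state)"
    [ "$state" = present ] || return 1
    if cli_can_load_legacy; then
        echo "CLI loads legacy: check how and when the application loads it"
    else
        echo "CLI cannot load legacy: module or openssl.cnf problem"; return 1
    fi
}

# Run the checks only when invoked as: sh <this-file> run
if [ "${1:-}" = run ]; then triage; fi
```

If the CLI loads the provider while an application such as qgis still fails, the module itself is fine and the cause lies in that application's own loading path, for example the dlopen() after entering capability mode mentioned in the quoted reply.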