Date: Tue, 24 Oct 2023 14:54:31 +0200 From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org> To: freebsd-ports@freebsd.org Subject: FreeBSD 13 + CertBot + OpenSSL 3 - status? Message-ID: <76713a44-1fa4-41ee-a4f9-177907e9a57f@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------rnAWZe4HacKu4KYaqcmbUKS0
Content-Type: multipart/mixed; boundary="------------ktulXRIxPsWGpDipvPIWvNVL";
protected-headers="v1"
From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org>
To: freebsd-ports@freebsd.org
Message-ID: <76713a44-1fa4-41ee-a4f9-177907e9a57f@FreeBSD.org>
Subject: FreeBSD 13 + CertBot + OpenSSL 3 - status?
--------------ktulXRIxPsWGpDipvPIWvNVL
Content-Type: multipart/alternative;
boundary="------------E1XSKsDc4x1MAhsZKZrol0WX"
--------------E1XSKsDc4x1MAhsZKZrol0WX
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
RG9lcyBhbnlvbmUgaW4gJ3BvcnQgbGFuZCcga25vdyB3aGF0IHRoZSBjdXJyZW50IGRldmVs
b3BtZW50cyBhcmUgd3J0IA0KQ2VydEJvdCAob3IgcHktY3J5cHRvIHVuZGVyIGl0cyBob29k
KT8NCg0KQ2VydEJvdCBpcyBoYXBwaWx5IGNvbXBpbGluZyBhZ2FpbnN0IE9wZW5TU0wgMyBm
cm9tIHBvcnRzLCBidXQgd2hlbiANCnJ1bm5pbmcgJ2NlcnRib3QnLCB0aGUgY3J5cHRvIHNp
ZGUgb2YgaXQgdGFsa3MgdG8gdGhlIGJhc2Ugc3lzdGVtIA0KT3BlblNTTCAxLjEuMSwgaGVu
Y2UgZmFpbGluZyBiZWNhdXNlIHRoZSBPcGVuU1NMIDEuMS4xIGxpYnJhcnkgZG9lcyBub3Qg
DQp1bmRlcnN0YW5kIHRoZSBPcGVuU1NMIDMgY2FsbHMgbWFkZSB0byBpdC4NCg0KIEZyb20g
d2hhdCBJIHVuZGVyc3Rvb2QsIHRoaXMgd2FzIGR1ZSB0byBhbiBlcnJvci9yZWdyZXNzaW9u
IGluIA0KcGtnY29uZig/KSB3aGljaCBjYXVzZXMgc29tZSB0eXBlIG9mICdwYXRoIHJldmVy
c2FsJyB0aGF0IGNhdXNlcyANCnB5LWNyeXB0byB0byBpZ25vcmUgdGhlIE9wZW5TU0wgaXQg
d2FzIGNvbXBpbGVkIGFnYWluc3QsIGZhdm9yaW5nIHRoZSANCmJhc2Ugc3lzdGVtIGxpYnJh
cnkuDQoNCkkgZWl0aGVyIGhhdmUgdG8gcmV2ZXJ0IGEgd2hvbGUgbG90IG9mIHNlcnZlcnMg
YmFjayB0byBPcGVuU1NMIDEuMS4xdyANCmZyb20gcG9ydHMgaW4gb3JkZXIgdG8gcmVuZXcg
Y2VydGlmaWNhdGVzLCBvciB3YWl0IGZvciAiYW55IG1vdmVtZW50IiBpbiANCmdldHRpbmcg
dGhlIHBhdGggcmV2ZXJzYWwgYWRkcmVzc2VkL2ZpeGVkLg0KDQpTbzogZG9lcyBhbnlvbmUg
a25vdyB3aGVyZSB3ZSdyZSBhdCB3aXRoIHRoaXM/DQoNCg==
--------------E1XSKsDc4x1MAhsZKZrol0WX
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html data-lt-installed=3D"true">
<head>
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUTF=
-8">
</head>
<body style=3D"padding-bottom: 1px;" text=3D"#000000" bgcolor=3D"#FFFFF=
F">
<p>Does anyone in 'port land' know what the current developments are
wrt CertBot (or py-crypto under its hood)?=C2=A0</p>
<p>CertBot is happily compiling against OpenSSL 3 from ports, but
when running 'certbot', the crypto side of it talks to the base
system OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1
library does not understand the OpenSSL 3 calls made to it.</p>
<p>From what I understood, this was due to an error/regression in
pkgconf(?) which causes some type of 'path reversal' that causes
py-crypto to ignore the OpenSSL it was compiled against, favoring
the base system library.</p>
<p>I either have to revert a whole lot of servers back to OpenSSL
1.1.1w from ports in order to renew certificates, or wait for "any
movement" in getting the path reversal addressed/fixed.</p>
<p>So: does anyone know where we're at with this?<br>
</p>
</body>
<lt-container></lt-container>
</html>
--------------E1XSKsDc4x1MAhsZKZrol0WX--
--------------ktulXRIxPsWGpDipvPIWvNVL--
--------------rnAWZe4HacKu4KYaqcmbUKS0
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEE9AWUvcZu/lO5r3wZ0R2eb0cya6gFAmU3vogFAwAAAAAACgkQ0R2eb0cya6gB
AA//diwlLGyFHvmkuL0hi78YbO17gRlidsvEUflweK6el8Iz+qKSAy1xTZeafpoEk5YXWLhiU0Qm
YUkUilBFDXsgjVfcDqDUcDlnfTrlOPiaRR2ZAPHwkTDqISIUZn/prRpio4F5JXx0TYCz8+ZotsSr
wZYJzYnrzh1AQRBzpiY3CHUfVL1Ddfjzu6ArL9kjaDSXN2227flpTNlSMp3wD4V9pohvHp23RpEr
IUHK8R4NdVp2hQPujg4yWxforyZ21Yqs5kQ+7TLTjeDyTkoKhDrjeaO/PsUF0PPdLR6y/BIQOjSS
rSJD9CZqhK5Tqz1Ka/ndn2qEhVm2DAr3WdkpSw9P/Znx1g6S4iBHEeiS6Lfum5A7CyC6NDHhQjyo
kX2NUbNMVvbuSjfwW5RvmIZLww9R0zcMGrVlps6CnlYKAlquWqKuJV4XBy+uZ5gn312Ew6GYV/0+
XUdL9xi9/DNC9Zpz6hILo0NPJslrA0vGsAMCDD+xiA1qoTffGCznouE98NMcTZMrRVI7D1RbbXWN
Pj4ALrLN2AaQm7IU/nkb73FTN883zFmRg/8Cq38yGyCI3roayyolOJTpSyoQZBWPBm5iKcAgs2Ll
obxjssFHh7Pk7M75Xkwz6oQbZZE729gV9gLTiSqlGvBvjbMUVDZ9tkMbtXesUH1NsXQ9D/Gpcnv0
OSc=
=o144
-----END PGP SIGNATURE-----
--------------rnAWZe4HacKu4KYaqcmbUKS0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?76713a44-1fa4-41ee-a4f9-177907e9a57f>