From owner-freebsd-security Tue Jul 30 12:15:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44D4437B400 for ; Tue, 30 Jul 2002 12:15:11 -0700 (PDT) Received: from goofy.epylon.com (216-203-220-162.customer.algx.net [216.203.220.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id E633443E3B for ; Tue, 30 Jul 2002 12:15:06 -0700 (PDT) (envelope-from jdicioccio@epylon.com) Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19) id <3MAKPM7F>; Tue, 30 Jul 2002 12:15:06 -0700 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF635@goofy.epylon.lan> From: "DiCioccio, Jason" To: 'Gabriel Ambuehl' , freebsd-security@freebsd.org Subject: RE: OpenSSH not using libssl? Date: Tue, 30 Jul 2002 12:15:05 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 libcrypto is part of openssl.. Unless the vulnerability was only in libssl? I don't think so though.. Cheers, - -JD- - -----Original Message----- From: Gabriel Ambuehl [mailto:gaml@buz.ch] Sent: Tuesday, July 30, 2002 12:01 PM To: freebsd-security@freebsd.org Subject: OpenSSH not using libssl? Hi, I'm somewhat confused now. I wanted to install the openssl port which worked out fine and tried to figure out what I need to do to get openssh (which makes the whole thing a disaster) to use the new lib so I went on and did: # ldd /usr/sbin/sshd /usr/sbin/sshd: libopie.so.2 => /usr/lib/libopie.so.2 (0x28086000) libmd.so.2 => /usr/lib/libmd.so.2 (0x2808f000) libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000) libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280c9000) libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000) libutil.so.3 => /usr/lib/libutil.so.3 (0x28199000) libz.so.2 => /usr/lib/libz.so.2 (0x281a2000) libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281af000) libpam.so.1 => /usr/lib/libpam.so.1 (0x281b7000) libc.so.4 => /usr/lib/libc.so.4 (0x281c1000) Now what's up here? Isn't OpenSSH based on OpenSSL? If so, why doesn't libssl show up (with stunnel, for one, it does, BTW stunnel will automatically use /usr/local/lib/libssl upon a recompile)? Guess I better wait until the CVS contains a fix for the base tree... regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPUbl2DKUHizV76d/EQL1fwCffSU3eKgiVnbioVLsBBZZ79T+P1MAn3SN v49doiJnJIewX5Kgp+X/Vqwp =zMHw -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message