From owner-freebsd-security Tue Jul 30 12:16: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9BA6537B4C6 for ; Tue, 30 Jul 2002 12:16:03 -0700 (PDT) Received: from silver.teardrop.org (silver.teardrop.org [64.61.57.67]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3737043E65 for ; Tue, 30 Jul 2002 12:16:03 -0700 (PDT) (envelope-from snow@teardrop.org) Received: by silver.teardrop.org (Postfix, from userid 100) id 32FBE26DD5; Tue, 30 Jul 2002 15:15:57 -0400 (EDT) Date: Tue, 30 Jul 2002 15:15:56 -0400 From: James Snow To: Gabriel Ambuehl Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH not using libssl? Message-ID: <20020730151556.A44974@teardrop.org> References: <121122473609.20020730210032@buz.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <121122473609.20020730210032@buz.ch>; from gaml@buz.ch on Tue, Jul 30, 2002 at 09:00:32PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Jul 30, 2002 at 09:00:32PM +0200, Gabriel Ambuehl wrote: > # ldd /usr/sbin/sshd > /usr/sbin/sshd: ... > libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000) ... > Now what's up here? Isn't OpenSSH based on OpenSSL? If so, why doesn't > libssl show up (with stunnel, for one, it does, BTW stunnel will > automatically use /usr/local/lib/libssl upon a recompile)? Guess I > better wait until the CVS contains a fix for the base tree... I scratched my head at this initially as well. But if you build OpenSSL from source, you'll see that it includes libcrypto. It's not as obvious in the FreeBSD /usr/src tree because of the way that things are broken out. (At least, it wasn't obvious to me; I may just be clueless) Since OpenSSH is the only daemon I run that uses OpenSSL, I just ran the patch from the original advisory in /usr/src/crypto/openssl, rebuilt /usr/src/secure/lib/libcrypto, and bounced sshd. This may not have been exactly the correct thing to do, but it seems to have worked out for me. -Snow To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message