From owner-freebsd-security Tue Jul 30 12:24:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D1BA37B400 for ; Tue, 30 Jul 2002 12:24:29 -0700 (PDT) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 4557043E65 for ; Tue, 30 Jul 2002 12:24:28 -0700 (PDT) (envelope-from michaelnottebrock@gmx.net) Received: (qmail 13838 invoked by uid 0); 30 Jul 2002 19:24:26 -0000 Received: from pd9003286.dip.t-dialin.net (HELO gmx.net) (217.0.50.134) by mail.gmx.net (mp011-rz3) with SMTP; 30 Jul 2002 19:24:26 -0000 Message-ID: <3D46E7ED.1040006@gmx.net> Date: Tue, 30 Jul 2002 21:24:29 +0200 From: Michael Nottebrock User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.0rc2) Gecko/20020513 Netscape/7.0b1 X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH not using libssl? References: <121122473609.20020730210032@buz.ch> X-Enigmail-Version: 0.61.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig7789364C55CCD822E38AA594" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following is an OpenPGP/MIME signed message created by Enigmail/Mozilla, following RFC 2440 and RFC 2015 --------------enig7789364C55CCD822E38AA594 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Gabriel Ambuehl wrote: > Hi, > I'm somewhat confused now. I wanted to install the openssl port which > worked out fine and tried to figure out what I need to do to get > openssh (which makes the whole thing a disaster) to use the new lib so > I went on and did: > # ldd /usr/sbin/sshd > /usr/sbin/sshd: > libopie.so.2 => /usr/lib/libopie.so.2 (0x28086000) > libmd.so.2 => /usr/lib/libmd.so.2 (0x2808f000) > libssh.so.2 => /usr/lib/libssh.so.2 (0x28098000) > libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280c9000) > libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280e2000) > libutil.so.3 => /usr/lib/libutil.so.3 (0x28199000) > libz.so.2 => /usr/lib/libz.so.2 (0x281a2000) > libwrap.so.3 => /usr/lib/libwrap.so.3 (0x281af000) > libpam.so.1 => /usr/lib/libpam.so.1 (0x281b7000) > libc.so.4 => /usr/lib/libc.so.4 (0x281c1000) > > Now what's up here? Isn't OpenSSH based on OpenSSL? It uses libcrypto, but it shouldn't be vulnerable. -- Michael Nottebrock "The circumstance ends uglily in the cruel result." - Babelfish --------------enig7789364C55CCD822E38AA594 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9RuftXhc68WspdLARAuKaAJ41F79l80Q2+/lmssxpGG8KTfEiAwCeOXLq iRlIoYzMvQ+p0Cvu2tA4nlQ= =siKk -----END PGP SIGNATURE----- --------------enig7789364C55CCD822E38AA594-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message