Date: Tue, 24 Oct 2023 22:09:33 +0200 From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org> To: ports@freebsd.org Subject: Re: FreeBSD 13 + CertBot + OpenSSL 3 - status? Message-ID: <c40cb8eb-f6e9-4b9d-9724-9a65356b9d87@FreeBSD.org> In-Reply-To: <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org> References: <76713a44-1fa4-41ee-a4f9-177907e9a57f@FreeBSD.org> <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------f2Qi0BXzrG8NBJAXSWd7cQbv Content-Type: multipart/mixed; boundary="------------hlr2EndMvNb9fXVkKY4ElZQw"; protected-headers="v1" From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org> To: ports@freebsd.org Message-ID: <c40cb8eb-f6e9-4b9d-9724-9a65356b9d87@FreeBSD.org> Subject: Re: FreeBSD 13 + CertBot + OpenSSL 3 - status? References: <76713a44-1fa4-41ee-a4f9-177907e9a57f@FreeBSD.org> <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org> In-Reply-To: <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org> --------------hlr2EndMvNb9fXVkKY4ElZQw Content-Type: multipart/alternative; boundary="------------lWLSEiQOHBwmp7z0wnggrjJa" --------------lWLSEiQOHBwmp7z0wnggrjJa Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMjQvMTAvMjAyMyAxODoyNCwgTWF0dGhldyBTZWFtYW4gd3JvdGU6DQo+IE9uIDI0LzEw LzIwMjMgMTM6NTQsIER1dGNoRGFlbW9uIC0gRnJlZUJTRCBGb3J1bXMgQWRtaW5pc3RyYXRv ciB3cm90ZToNCj4+IERvZXMgYW55b25lIGluICdwb3J0IGxhbmQnIGtub3cgd2hhdCB0aGUg Y3VycmVudCBkZXZlbG9wbWVudHMgYXJlIHdydCANCj4+IENlcnRCb3QgKG9yIHB5LWNyeXB0 byB1bmRlciBpdHMgaG9vZCk/DQo+Pg0KPj4gQ2VydEJvdCBpcyBoYXBwaWx5IGNvbXBpbGlu ZyBhZ2FpbnN0IE9wZW5TU0wgMyBmcm9tIHBvcnRzLCBidXQgd2hlbiANCj4+IHJ1bm5pbmcg J2NlcnRib3QnLCB0aGUgY3J5cHRvIHNpZGUgb2YgaXQgdGFsa3MgdG8gdGhlIGJhc2Ugc3lz dGVtIA0KPj4gT3BlblNTTCAxLjEuMSwgaGVuY2UgZmFpbGluZyBiZWNhdXNlIHRoZSBPcGVu U1NMIDEuMS4xIGxpYnJhcnkgZG9lcyANCj4+IG5vdCB1bmRlcnN0YW5kIHRoZSBPcGVuU1NM IDMgY2FsbHMgbWFkZSB0byBpdC4NCj4+DQo+PiDCoEZyb20gd2hhdCBJIHVuZGVyc3Rvb2Qs IHRoaXMgd2FzIGR1ZSB0byBhbiBlcnJvci9yZWdyZXNzaW9uIGluIA0KPj4gcGtnY29uZig/ KSB3aGljaCBjYXVzZXMgc29tZSB0eXBlIG9mICdwYXRoIHJldmVyc2FsJyB0aGF0IGNhdXNl cyANCj4+IHB5LWNyeXB0byB0byBpZ25vcmUgdGhlIE9wZW5TU0wgaXQgd2FzIGNvbXBpbGVk IGFnYWluc3QsIGZhdm9yaW5nIHRoZSANCj4+IGJhc2Ugc3lzdGVtIGxpYnJhcnkuDQo+Pg0K Pj4gSSBlaXRoZXIgaGF2ZSB0byByZXZlcnQgYSB3aG9sZSBsb3Qgb2Ygc2VydmVycyBiYWNr IHRvIE9wZW5TU0wgMS4xLjF3IA0KPj4gZnJvbSBwb3J0cyBpbiBvcmRlciB0byByZW5ldyBj ZXJ0aWZpY2F0ZXMsIG9yIHdhaXQgZm9yICJhbnkgbW92ZW1lbnQiIA0KPj4gaW4gZ2V0dGlu ZyB0aGUgcGF0aCByZXZlcnNhbCBhZGRyZXNzZWQvZml4ZWQuDQo+Pg0KPj4gU286IGRvZXMg YW55b25lIGtub3cgd2hlcmUgd2UncmUgYXQgd2l0aCB0aGlzPw0KPj4NCj4NCj4gY2VydGJv dCBpcyBydW5uaW5nIGp1c3QgZmluZSBmb3IgbWUgb24gc3RhYmxlLzE0IHdpdGggb3BlbnNz bCAzLnggZnJvbSANCj4gcG9ydHMuwqAgTm90ZSB0aGF0IHN0YWJsZS8xNCBoYXMgb3BlbnNz bCAzLnggaW4gYmFzZS4NCj4NCj4gwqDCoMKgwqBDaGVlcnMsDQo+DQo+IMKgwqDCoMKgTWF0 dGhldw0KPg0KDQpZZXMgOykNCg0KDQpJIGtuZXcgdGhhdCB0aGF0IHdvdWxkIGJlICd0aGUg b3RoZXIgb3B0aW9uJywgYnV0IHRyYWNraW5nIC1SRUxFQVNFIGFuZCANCml0cyBwYXRjaCBs ZXZlbHMgaXMgY3VycmVudGx5IHByZWZlcnJlZCBvdmVyIGhlcmUuDQoNCkdvdCBhIHRpcCBh Ym91dCAnZGVoeWRyYXRlZCcsIHNvIG1heWJlIHRoYXQnbGwgd29yayBmb3Igbm93LCB1bnRp bCANCjE0LVJFTCBpcyBvbiB0aGUgYm9va3MuDQoNCg== --------------lWLSEiQOHBwmp7z0wnggrjJa Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html> <html data-lt-installed=3D"true"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF= -8"> </head> <body style=3D"padding-bottom: 1px;" text=3D"#000000" bgcolor=3D"#FFFFF= F"> <div class=3D"moz-cite-prefix">On 24/10/2023 18:24, Matthew Seaman wrote:<br> </div> <blockquote type=3D"cite" cite=3D"mid:7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org">On 24/10/2023 13:54, DutchDaemon - FreeBSD Forums Administrator wrote: <br> <blockquote type=3D"cite">Does anyone in 'port land' know what the current developments are wrt CertBot (or py-crypto under its hood)? <br> <br> CertBot is happily compiling against OpenSSL 3 from ports, but when running 'certbot', the crypto side of it talks to the base system OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1 library does not understand the OpenSSL 3 calls made to it. <br> <br> =C2=A0From what I understood, this was due to an error/regression= in pkgconf(?) which causes some type of 'path reversal' that causes py-crypto to ignore the OpenSSL it was compiled against, favoring the base system library. <br> <br> I either have to revert a whole lot of servers back to OpenSSL 1.1.1w from ports in order to renew certificates, or wait for "any movement" in getting the path reversal addressed/fixed. <br> <br> So: does anyone know where we're at with this? <br> <br> </blockquote> <br> certbot is running just fine for me on stable/14 with openssl 3.x from ports.=C2=A0 Note that stable/14 has openssl 3.x in base. <br> <br> =C2=A0=C2=A0=C2=A0=C2=A0Cheers, <br> <br> =C2=A0=C2=A0=C2=A0=C2=A0Matthew <br> <br> </blockquote> <p><br> </p> <p>Yes ;)=C2=A0</p> <p><br> </p> <p>I knew that that would be 'the other option', but tracking -RELEASE and its patch levels is currently preferred over here.</p>= <p>Got a tip about 'dehydrated', so maybe that'll work for now, until 14-REL is on the books.<br> </p> </body> <lt-container></lt-container> </html> --------------lWLSEiQOHBwmp7z0wnggrjJa-- --------------hlr2EndMvNb9fXVkKY4ElZQw-- --------------f2Qi0BXzrG8NBJAXSWd7cQbv Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEE9AWUvcZu/lO5r3wZ0R2eb0cya6gFAmU4JH0FAwAAAAAACgkQ0R2eb0cya6j4 gg//dU8hqTjji73Qf9uuBQBXrjQZ3LJ2BGvvWzHx1vAooCO5kzTegQCRhaN0gnQGenkjsOc9VPMJ k9VgL/xZztQzQIJstcGwsPqLotD+pvzDZpFiJruRwqOQXUIEYhAyZ5kJL9uHVicN0ApjAX8+9nKj ksJPig9zfg8KVj+gZRWDuecBdQfo5ZBFZx8wr1ACB1wA+L7Lc9csmta7em4UereGxgMbby6sbIm9 oZsRTjBj/6KyQ8seeOi0lMcLvFZHGa+A6JmJZZwtX+r1ivBTwJmW1bzdj27MTp507Iyz4Crdz6ib rLNbq/m0CetVQk8k54q8hj2HHlMT51dTgjR97bRe8Wz8CbsOqQ6+iDTeWU/CFqgMFJtQoP9v/wVQ ZRYKvHms53Kc2XsKFZVwhucBZb+ogGKL2IUZ1C1A2cAigUt8clcqPWFyOnaQdp8aJMAMDcNUkE6e EnEil7Qw2tAb/qmICNGJcKgEAjC4Pbh0KkycoM+czgVUfxpzQvcY+SgZ01AZy+d987ny1MYxH5lr rn+MJVpXmHBWKLLOPoSpxmYYwTbVeFrMt0Tujv9CE0q5j7UTN7UePJ3aGsON65Wui5mpwNmlZ0V+ zS+vWgEWq+WfVpaZI113RCyiDCFAQCaoh6AdVjHPow5pw26kOaEXRri99JE2dRU9YNgVYerY5ECi bQI= =Hi54 -----END PGP SIGNATURE----- --------------f2Qi0BXzrG8NBJAXSWd7cQbv--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c40cb8eb-f6e9-4b9d-9724-9a65356b9d87>