FreeBSD Mail Archives

Date:      Tue, 24 Oct 2023 22:09:33 +0200
From:      DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org>
To:        ports@freebsd.org
Subject:   Re: FreeBSD 13 + CertBot + OpenSSL 3 - status?
Message-ID:  <c40cb8eb-f6e9-4b9d-9724-9a65356b9d87@FreeBSD.org>
In-Reply-To: <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org>
References:  <76713a44-1fa4-41ee-a4f9-177907e9a57f@FreeBSD.org> <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------f2Qi0BXzrG8NBJAXSWd7cQbv
Content-Type: multipart/mixed; boundary="------------hlr2EndMvNb9fXVkKY4ElZQw";
 protected-headers="v1"
From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org>
To: ports@freebsd.org
Message-ID: <c40cb8eb-f6e9-4b9d-9724-9a65356b9d87@FreeBSD.org>
Subject: Re: FreeBSD 13 + CertBot + OpenSSL 3 - status?
References: <76713a44-1fa4-41ee-a4f9-177907e9a57f@FreeBSD.org>
 <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org>
In-Reply-To: <7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org>

--------------hlr2EndMvNb9fXVkKY4ElZQw
Content-Type: multipart/alternative;
 boundary="------------lWLSEiQOHBwmp7z0wnggrjJa"

--------------lWLSEiQOHBwmp7z0wnggrjJa
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

T24gMjQvMTAvMjAyMyAxODoyNCwgTWF0dGhldyBTZWFtYW4gd3JvdGU6DQo+IE9uIDI0LzEw
LzIwMjMgMTM6NTQsIER1dGNoRGFlbW9uIC0gRnJlZUJTRCBGb3J1bXMgQWRtaW5pc3RyYXRv
ciB3cm90ZToNCj4+IERvZXMgYW55b25lIGluICdwb3J0IGxhbmQnIGtub3cgd2hhdCB0aGUg
Y3VycmVudCBkZXZlbG9wbWVudHMgYXJlIHdydCANCj4+IENlcnRCb3QgKG9yIHB5LWNyeXB0
byB1bmRlciBpdHMgaG9vZCk/DQo+Pg0KPj4gQ2VydEJvdCBpcyBoYXBwaWx5IGNvbXBpbGlu
ZyBhZ2FpbnN0IE9wZW5TU0wgMyBmcm9tIHBvcnRzLCBidXQgd2hlbiANCj4+IHJ1bm5pbmcg
J2NlcnRib3QnLCB0aGUgY3J5cHRvIHNpZGUgb2YgaXQgdGFsa3MgdG8gdGhlIGJhc2Ugc3lz
dGVtIA0KPj4gT3BlblNTTCAxLjEuMSwgaGVuY2UgZmFpbGluZyBiZWNhdXNlIHRoZSBPcGVu
U1NMIDEuMS4xIGxpYnJhcnkgZG9lcyANCj4+IG5vdCB1bmRlcnN0YW5kIHRoZSBPcGVuU1NM
IDMgY2FsbHMgbWFkZSB0byBpdC4NCj4+DQo+PiDCoEZyb20gd2hhdCBJIHVuZGVyc3Rvb2Qs
IHRoaXMgd2FzIGR1ZSB0byBhbiBlcnJvci9yZWdyZXNzaW9uIGluIA0KPj4gcGtnY29uZig/
KSB3aGljaCBjYXVzZXMgc29tZSB0eXBlIG9mICdwYXRoIHJldmVyc2FsJyB0aGF0IGNhdXNl
cyANCj4+IHB5LWNyeXB0byB0byBpZ25vcmUgdGhlIE9wZW5TU0wgaXQgd2FzIGNvbXBpbGVk
IGFnYWluc3QsIGZhdm9yaW5nIHRoZSANCj4+IGJhc2Ugc3lzdGVtIGxpYnJhcnkuDQo+Pg0K
Pj4gSSBlaXRoZXIgaGF2ZSB0byByZXZlcnQgYSB3aG9sZSBsb3Qgb2Ygc2VydmVycyBiYWNr
IHRvIE9wZW5TU0wgMS4xLjF3IA0KPj4gZnJvbSBwb3J0cyBpbiBvcmRlciB0byByZW5ldyBj
ZXJ0aWZpY2F0ZXMsIG9yIHdhaXQgZm9yICJhbnkgbW92ZW1lbnQiIA0KPj4gaW4gZ2V0dGlu
ZyB0aGUgcGF0aCByZXZlcnNhbCBhZGRyZXNzZWQvZml4ZWQuDQo+Pg0KPj4gU286IGRvZXMg
YW55b25lIGtub3cgd2hlcmUgd2UncmUgYXQgd2l0aCB0aGlzPw0KPj4NCj4NCj4gY2VydGJv
dCBpcyBydW5uaW5nIGp1c3QgZmluZSBmb3IgbWUgb24gc3RhYmxlLzE0IHdpdGggb3BlbnNz
bCAzLnggZnJvbSANCj4gcG9ydHMuwqAgTm90ZSB0aGF0IHN0YWJsZS8xNCBoYXMgb3BlbnNz
bCAzLnggaW4gYmFzZS4NCj4NCj4gwqDCoMKgwqBDaGVlcnMsDQo+DQo+IMKgwqDCoMKgTWF0
dGhldw0KPg0KDQpZZXMgOykNCg0KDQpJIGtuZXcgdGhhdCB0aGF0IHdvdWxkIGJlICd0aGUg
b3RoZXIgb3B0aW9uJywgYnV0IHRyYWNraW5nIC1SRUxFQVNFIGFuZCANCml0cyBwYXRjaCBs
ZXZlbHMgaXMgY3VycmVudGx5IHByZWZlcnJlZCBvdmVyIGhlcmUuDQoNCkdvdCBhIHRpcCBh
Ym91dCAnZGVoeWRyYXRlZCcsIHNvIG1heWJlIHRoYXQnbGwgd29yayBmb3Igbm93LCB1bnRp
bCANCjE0LVJFTCBpcyBvbiB0aGUgYm9va3MuDQoNCg==
--------------lWLSEiQOHBwmp7z0wnggrjJa
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html data-lt-installed=3D"true">
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
  </head>
  <body style=3D"padding-bottom: 1px;" text=3D"#000000" bgcolor=3D"#FFFFF=
F">
    <div class=3D"moz-cite-prefix">On 24/10/2023 18:24, Matthew Seaman
      wrote:<br>
    </div>
    <blockquote type=3D"cite"
      cite=3D"mid:7389a126-4f14-44aa-91c9-325d6475eb3c@FreeBSD.org">On
      24/10/2023 13:54, DutchDaemon - FreeBSD Forums Administrator
      wrote:
      <br>
      <blockquote type=3D"cite">Does anyone in 'port land' know what the
        current developments are wrt CertBot (or py-crypto under its
        hood)?
        <br>
        <br>
        CertBot is happily compiling against OpenSSL 3 from ports, but
        when running 'certbot', the crypto side of it talks to the base
        system OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1
        library does not understand the OpenSSL 3 calls made to it.
        <br>
        <br>
        =C2=A0From what I understood, this was due to an error/regression=
 in
        pkgconf(?) which causes some type of 'path reversal' that causes
        py-crypto to ignore the OpenSSL it was compiled against,
        favoring the base system library.
        <br>
        <br>
        I either have to revert a whole lot of servers back to OpenSSL
        1.1.1w from ports in order to renew certificates, or wait for
        "any movement" in getting the path reversal addressed/fixed.
        <br>
        <br>
        So: does anyone know where we're at with this?
        <br>
        <br>
      </blockquote>
      <br>
      certbot is running just fine for me on stable/14 with openssl 3.x
      from ports.=C2=A0 Note that stable/14 has openssl 3.x in base.
      <br>
      <br>
      =C2=A0=C2=A0=C2=A0=C2=A0Cheers,
      <br>
      <br>
      =C2=A0=C2=A0=C2=A0=C2=A0Matthew
      <br>
      <br>
    </blockquote>
    <p><br>
    </p>
    <p>Yes ;)=C2=A0</p>
    <p><br>
    </p>
    <p>I knew that that would be 'the other option', but tracking
      -RELEASE and its patch levels is currently preferred over here.</p>=

    <p>Got a tip about 'dehydrated', so maybe that'll work for now,
      until 14-REL is on the books.<br>
    </p>
  </body>
  <lt-container></lt-container>
</html>

--------------lWLSEiQOHBwmp7z0wnggrjJa--

--------------hlr2EndMvNb9fXVkKY4ElZQw--

--------------f2Qi0BXzrG8NBJAXSWd7cQbv
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEE9AWUvcZu/lO5r3wZ0R2eb0cya6gFAmU4JH0FAwAAAAAACgkQ0R2eb0cya6j4
gg//dU8hqTjji73Qf9uuBQBXrjQZ3LJ2BGvvWzHx1vAooCO5kzTegQCRhaN0gnQGenkjsOc9VPMJ
k9VgL/xZztQzQIJstcGwsPqLotD+pvzDZpFiJruRwqOQXUIEYhAyZ5kJL9uHVicN0ApjAX8+9nKj
ksJPig9zfg8KVj+gZRWDuecBdQfo5ZBFZx8wr1ACB1wA+L7Lc9csmta7em4UereGxgMbby6sbIm9
oZsRTjBj/6KyQ8seeOi0lMcLvFZHGa+A6JmJZZwtX+r1ivBTwJmW1bzdj27MTp507Iyz4Crdz6ib
rLNbq/m0CetVQk8k54q8hj2HHlMT51dTgjR97bRe8Wz8CbsOqQ6+iDTeWU/CFqgMFJtQoP9v/wVQ
ZRYKvHms53Kc2XsKFZVwhucBZb+ogGKL2IUZ1C1A2cAigUt8clcqPWFyOnaQdp8aJMAMDcNUkE6e
EnEil7Qw2tAb/qmICNGJcKgEAjC4Pbh0KkycoM+czgVUfxpzQvcY+SgZ01AZy+d987ny1MYxH5lr
rn+MJVpXmHBWKLLOPoSpxmYYwTbVeFrMt0Tujv9CE0q5j7UTN7UePJ3aGsON65Wui5mpwNmlZ0V+
zS+vWgEWq+WfVpaZI113RCyiDCFAQCaoh6AdVjHPow5pw26kOaEXRri99JE2dRU9YNgVYerY5ECi
bQI=
=Hi54
-----END PGP SIGNATURE-----

--------------f2Qi0BXzrG8NBJAXSWd7cQbv--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c40cb8eb-f6e9-4b9d-9724-9a65356b9d87>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation