Date: Wed, 5 Mar 2003 16:47:47 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Julian Elischer <julian@elischer.org>
Cc: hackers@freebsd.org
Subject: Re: ssh/ssl linkage
Message-ID: <20030305224747.GA71781@madman.celabo.org>
In-Reply-To: <Pine.BSF.4.21.0303051408280.61509-100000@InterJet.elischer.org> <Pine.BSF.4.21.0303051350510.61509-100000@InterJet.elischer.org>
References: <Pine.BSF.4.21.0303051350510.61509-100000@InterJet.elischer.org> <Pine.BSF.4.21.0303051408280.61509-100000@InterJet.elischer.org> <Pine.BSF.4.21.0303051350510.61509-100000@InterJet.elischer.org>

On Wed, Mar 05, 2003 at 01:55:14PM -0800, Julian Elischer wrote:
>
> OpenSSH uses openssl to a great extent, however when you do
[ ... ]
> so my question is:
> how is the connection made to libssl?
> is it via libcrypto?
> is it statically built into the ssh binary?

OpenSSH doesn't actually use SSL/TLS (libssl).  It only uses the
general cryptography library of OpenSSL (libcrypto).

> If I upgrade openssl due to the security upgrade,
> should I recompile ssh as well?

Yes, you must.  (See below.)

On Wed, Mar 05, 2003 at 02:10:45PM -0800, Julian Elischer wrote:
> to answer myself a bit..
> It looks like openssl generates two parts:
> libcrypto and libssl

Right.

> If I upgrade openssl,
> I should make a new libcrypto and libssl
> and since ssh uses only libcrypto, I should not need to
> upgrade ssh..

I assume you mean `rebuild' rather than `upgrade'.

> If I'm wrong.. let me know :-)

You are wrong, but it's not your fault :-)

OpenSSH specifically checks the version of OpenSSL which it finds at
runtime, and if it does not match the version it found at build-time,
then it barfs with

  "OpenSSL version mismatch. Built against FOO, you have BAR"

The OpenSSH guys don't trust that the semantics of the API stay the
same across releases, even if the ABI stays the same.  I guess I
cannot blame them for this extra paranoia.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME      .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org   .          nectar@kth.se
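
The strict build-time versus runtime check described in the message above, modelled as an added example that is not part of the original e-mail and is not OpenSSH's own code. It assumes OpenSSL's classic 0xMNNFFPPS version-word layout; the function names and the two sample version numbers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout of the classic OpenSSL version word, 0xMNNFFPPS:
 * major, minor, fix, patch letter index, status nibble (0xf = release). */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

static struct ossl_ver decode_version(unsigned long v)
{
    struct ossl_ver d;
    d.major  = (v >> 28) & 0xf;
    d.minor  = (v >> 20) & 0xff;
    d.fix    = (v >> 12) & 0xff;
    d.patch  = (v >> 4)  & 0xff;
    d.status = v & 0xf;
    return d;
}

/* Render as e.g. "0.9.6i"; a patch index of 0 means no letter. */
static void format_version(unsigned long v, char *buf, size_t len)
{
    struct ossl_ver d = decode_version(v);
    if (d.patch >= 1 && d.patch <= 26)
        snprintf(buf, len, "%u.%u.%u%c", d.major, d.minor, d.fix, 'a' + d.patch - 1);
    else
        snprintf(buf, len, "%u.%u.%u", d.major, d.minor, d.fix);
}

/* Strict policy from the message: any difference at all is fatal, even a
 * patch-letter bump that keeps the ABI. Returns 0 on match, -1 on mismatch
 * with the diagnostic written to msg. */
static int check_runtime_version(unsigned long built, unsigned long runtime,
                                 char *msg, size_t len)
{
    char b[16], r[16];
    if (built == runtime) { msg[0] = '\0'; return 0; }
    format_version(built, b, sizeof b);
    format_version(runtime, r, sizeof r);
    snprintf(msg, len, "OpenSSL version mismatch. Built against %s, you have %s", b, r);
    return -1;
}

int main(void)
{
    char msg[128];
    /* Constructed sample: binary built against 0.9.6h, libcrypto patched to 0.9.6i. */
    if (check_runtime_version(0x0090608fUL, 0x0090609fUL, msg, sizeof msg) != 0)
        puts(msg);
    return 0;
}
```

With a check of this shape, a security update that changes only the patch letter of libcrypto is enough to make a binary built earlier refuse to start, which is why the rebuild is required.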