Date: Mon, 15 Nov 2010 18:40:27 +0300 From: c0re <nr1c0re@gmail.com> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: openssl version - how to verify Message-ID: <AANLkTinNd0mzR6x3fnB8xWFqJhX61mv3_EipUwaha6ux@mail.gmail.com> In-Reply-To: <20101115090851.237f167b@scorpio> References: <AANLkTinFoAC=t6-cp7ofphi=X%2BbGwkY-CL3X6B_ChTXH@mail.gmail.com> <20101115090851.237f167b@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
2010/11/15 Jerry <freebsd.user@seibercom.net>: > On Mon, 15 Nov 2010 16:17:10 +0300 > c0re <nr1c0re@gmail.com> articulated: > >> If I look at base openssl in 7.3-RELEASE-p3 >> >> sys# openssl version -a >> OpenSSL 0.9.8e 23 Feb 2007 >> built on: Mon Sep 27 11:54:36 MSD 2010 >> platform: FreeBSD-i386 >> options: =A0bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) >> blowfish(idx) compiler: cc >> OPENSSLDIR: "/etc/ssl" >> >> but at www.openssl.org I see that it's not recent version >> >> 01-Jun-2010: =A0 =A0 OpenSSL 0.9.8o is now available, including >> important bug and security fixes >> >> I know that freebsd security team make patches for base openssl, but >> how can I know what patchlevel of openssl in base version? >> >> Like "-p5" in "OpenSSL 0.9.8e-p5 23 Feb 2007". > > Why not just install the ports version: > > openssl version -a > OpenSSL 1.0.0a 1 Jun 2010 > built on: Sun Jun =A06 12:19:12 EDT 2010 > platform: BSD-x86_64 > options: =A0bn(64,64) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish= (idx) > compiler: cc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -= D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_= T=3Dint -Wall -O2 -pipe -march=3Dathlon64 -fno-strict-aliasing -DOPENSSL_IA= 32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_AS= M -DAES_ASM -DWHIRLPOOL_ASM > OPENSSLDIR: "/usr/local/openssl" > > You would need to add this to the "/etc/make.conf" file first I believe: > > =A0 =A0 =A0 =A0WITH_OPENSSL_PORT=3Dyes > There are still too many broken ports with openssl from ports, I do not like debug it and really like to use base openssl, almost no difference. But I just want to have some proves that base system openssl has security patches because 7.3-RELEASE base openssl is 0.9.8e, but 0.9.8e has got security vulnerabilities. But how can I be sure that freebsd base system with 0.9.8e version does not have any vulnerabilities?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTinNd0mzR6x3fnB8xWFqJhX61mv3_EipUwaha6ux>