Date: Mon, 13 Jul 2015 23:51:33 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: Brandon Allbery <allbery.b@gmail.com> Cc: Matt Smith <fbsd@xtaz.co.uk>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org> Subject: Re: WITHOUT_OPENSSL and make delete-old Message-ID: <CAN6yY1sN8dkjrn4HRwzh-%2BcE3pM0UGt3fT9Oc%2BULjQMfH1FEYQ@mail.gmail.com> In-Reply-To: <CAKFCL4XRPYUh3foORzyMyXfHKif=TvQPJuBQdToXGmVwBLAHSg@mail.gmail.com> References: <20150713140352.GB1284@xtaz.uk> <CAN6yY1u4M7AD%2Bw%2BkdPu4JYQh45R6zdHm7Z3Vp0QSsNtN9scBkg@mail.gmail.com> <20150713191414.GC1284@xtaz.uk> <CAKFCL4WeT4da_MJk_pyLKeJ0HFvXrYSNjPxbVDZyLZ0X%2B6LL=g@mail.gmail.com> <CAN6yY1sYMk00Eog6wuup-oZpkZFTopiHGy=%2BZhPxC02zk8xymQ@mail.gmail.com> <CAKFCL4XRPYUh3foORzyMyXfHKif=TvQPJuBQdToXGmVwBLAHSg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 13, 2015 at 4:13 PM, Brandon Allbery <allbery.b@gmail.com>
wrote:
> On Mon, Jul 13, 2015 at 6:58 PM, Kevin Oberman <rkoberman@gmail.com>
> wrote:
>
>> Annoying! ssh has explicitly never used of OpenSSL. I just confirmed
>> that it still does not. It does use gssapi and kerberos, so even though it
>> makes no use of OpenSSL, it does use those two things which are not
>> actually part of OpenSSL. If you check /usr/src/crypto/openssl, there is no
>> gssapi or kerberos there. Both of these are in the heimdal sources. Looks
>> to me like WITHOUT_OPENSSL is really without a few other things but NOT
>> OpenSSL. Very weird.
>>
>
> Um? On most platforms OpenSSH uses OpenSSL's libcrypto. This was a FAQ
> nearly everywhere when there was a bug in the SSL/TLS part of OpenSSL and
> OpenSSH was updated as part of it ("no, OpenSSH is not vulnerable, but it
> depends on OpenSSL's libcrypto; while that part was not buggy, it had to be
> updated at the same time as the buggy TLS part").
>
> --
> brandon s allbery kf8nh sine nomine
> associates
> allbery.b@gmail.com
> ballbery@sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad
> http://sinenomine.net
>
Oh, crap. I forgot that libcrypto came from OpenSSL. As Emily Littela used
to say, "Never mind".
May both Emily and Gilda rest in peace and always be remembered.
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1sN8dkjrn4HRwzh-%2BcE3pM0UGt3fT9Oc%2BULjQMfH1FEYQ>