From owner-freebsd-stable@freebsd.org Tue Jul 14 06:51:34 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B8F3E99C6BD for ; Tue, 14 Jul 2015 06:51:34 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-ob0-x22a.google.com (mail-ob0-x22a.google.com [IPv6:2607:f8b0:4003:c01::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7A13577F for ; Tue, 14 Jul 2015 06:51:34 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by obnw1 with SMTP id w1so443431obn.3 for ; Mon, 13 Jul 2015 23:51:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=21kryfbyWWCoT0AtQwV4bshKJRKr8M2zyrBHkJ/EhQc=; b=UzebPKsW8gD6CwmXXWhoFcjhhh2Syqq8H4rPyD4K7uY8/Nw8U4dIrxiegr8HjqT4Bp Q9klB3FcI550pboK1Nov5B+mIqVjcg52oEL3qURyyOpecrJJLLP2o7FCaVnarOxBc0DQ WtGAlXxLPsCb8UEYxLI5CBpW4C1kJHj8Z9516wL013nD//rxf7DdIMJ5RR+tohH1QQle 8/9bI9bdj0pRo+Z2j5YGq9676dtlBiUqT4XzRhNRUY1fX+IAL3B8XqpxSnFqxx/Pvbh4 f1+jsSazUr/bP1CZlqkRLBzisnM0aDVS6a+Mu3HQnnZcG7ec2yMDRaLsHIWoSJAfzJZL pjuA== MIME-Version: 1.0 X-Received: by 10.182.186.2 with SMTP id fg2mr35445111obc.35.1436856693340; Mon, 13 Jul 2015 23:51:33 -0700 (PDT) Sender: kob6558@gmail.com Received: by 10.202.221.69 with HTTP; Mon, 13 Jul 2015 23:51:33 -0700 (PDT) In-Reply-To: References: <20150713140352.GB1284@xtaz.uk> <20150713191414.GC1284@xtaz.uk> Date: Mon, 13 Jul 2015 23:51:33 -0700 X-Google-Sender-Auth: yvMlTh-otH1G6oNKBVTq_kA46ac Message-ID: Subject: Re: WITHOUT_OPENSSL and make delete-old From: Kevin Oberman To: Brandon Allbery Cc: Matt Smith , FreeBSD-STABLE Mailing List Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jul 2015 06:51:34 -0000 On Mon, Jul 13, 2015 at 4:13 PM, Brandon Allbery wrote: > On Mon, Jul 13, 2015 at 6:58 PM, Kevin Oberman > wrote: > >> Annoying! ssh has explicitly never used of OpenSSL. I just confirmed >> that it still does not. It does use gssapi and kerberos, so even though it >> makes no use of OpenSSL, it does use those two things which are not >> actually part of OpenSSL. If you check /usr/src/crypto/openssl, there is no >> gssapi or kerberos there. Both of these are in the heimdal sources. Looks >> to me like WITHOUT_OPENSSL is really without a few other things but NOT >> OpenSSL. Very weird. >> > > Um? On most platforms OpenSSH uses OpenSSL's libcrypto. This was a FAQ > nearly everywhere when there was a bug in the SSL/TLS part of OpenSSL and > OpenSSH was updated as part of it ("no, OpenSSH is not vulnerable, but it > depends on OpenSSL's libcrypto; while that part was not buggy, it had to be > updated at the same time as the buggy TLS part"). > > -- > brandon s allbery kf8nh sine nomine > associates > allbery.b@gmail.com > ballbery@sinenomine.net > unix, openafs, kerberos, infrastructure, xmonad > http://sinenomine.net > Oh, crap. I forgot that libcrypto came from OpenSSL. As Emily Littela used to say, "Never mind". May both Emily and Gilda rest in peace and always be remembered. -- Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683