Date: Wed, 13 Aug 2025 21:26:26 -0400
From: Ian FREISLICH <ianfreislich@gmail.com>
To: Pierre Pronchery <khorben@defora.org>, "Enji Cooper (yaneurabeya)" <yaneurabeya@gmail.com>
Cc: FreeBSD Current <current@freebsd.org>
Subject: Re: OpenSSL legacy provider is broken
Message-ID: <a20e5fda-10c6-4df3-96ca-cf12b41da70b@gmail.com>
In-Reply-To: <5FCF8EF0-4473-40E9-94D2-FA5AD96D2418@defora.org>
References: <b3f09f1b-e946-4bf1-822d-243dcd0dcd02@gmail.com> <B43DA54A-0017-42CA-A1FE-15F28048FEF0@gmail.com> <5FCF8EF0-4473-40E9-94D2-FA5AD96D2418@defora.org>
On 2025-08-10 06:53, Pierre Pronchery wrote:
> Hey,
>
>> On 10 Aug 2025, at 04:32, Enji Cooper (yaneurabeya) <yaneurabeya@gmail.com> wrote:
>>
>>
>>> On Aug 9, 2025, at 7:08 AM, Ian FREISLICH <ianfreislich@gmail.com> wrote:
>>>
>>> Previously this worked
>>>
>>> [brane] /usr/ports # openssl list -providers -provider legacy
>>> Providers:
>>> legacy
>>> name: OpenSSL Legacy Provider
>>> version: 3.0.16
>>> status: active
>>>
>>> Since the build last night,
>>>
>>> [router] /usr/ports/net/freeradius3 # openssl list -providers -provider legacy
>>> list: unable to load provider legacy
>>> Hint: use -provider-path option or OPENSSL_MODULES environment variable.
>>> 10B045DBE7340000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_kdf_pvk_functions"
>>> 10B045DBE7340000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
>>> 10B045DBE7340000:error:07880025:common libcrypto routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy
>>>
>>> and freeradius doesn't start because of this:
>>>
>>> [router] /usr/ports/net/freeradius3 # radiusd -fX
>>> FreeRADIUS Version 3.2.7
>>> ...
>>> (TLS) Failed loading legacy provider
>>>
>>> I haven't yet figured out what part of my EAP configuration needs the legacy provider. It may be that EAP just needs a working legacy provider because it looks like the EAP module unconditionally attempts to load the provider and fails.
>
> It could well be that it does.
>
> Regardless I didn’t mean to break the legacy provider, but it’s
> certainly because of the OpenSSL 3.5.1 import. Sorry!
>
> I have pushed a partial fix here, and will keep pushing to that
> branch until I get it to work fully again:
> https://github.com/khorben/freebsd-src/tree/khorben/openssl-3.5.1-legacy

That fixes this missing symbol, but here's the next error:

[router] ~ # openssl list -providers -provider legacy
list: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
10B0E52D30440000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_param_find_pidx"
10B0E52D30440000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
10B0E52D30440000:error:07880025:common libcrypto routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy

Is there a target/directory I can make in that will compile just this? The no clean default on buildworld doesn't seem to work and compiling everything takes forever.

Ian
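
[Added example, not part of the original message or of the FreeBSD/OpenSSL sources.] The error output above names one undefined symbol per load attempt. The script below compares a module's undefined dynamic symbols with the exports of the libraries it links against and lists every gap in one pass. The function names `missing_syms` and `demo`, the file names, and the sample `nm -D` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report every symbol a provider module
# needs that none of the given libraries export.

# missing_syms MODULE_NM LIB_NM...
# Each argument is a file holding saved `nm -D` output.
missing_syms() {
    mod=$1; shift
    cat "$@" | awk -v mod="$mod" '
        # Three fields (address, type, name) means the symbol is defined here.
        NF == 3 && $2 != "U" { s = $3; sub(/@.*/, "", s); have[s] = 1 }
        END {
            while ((getline line < mod) > 0) {
                n = split(line, f, " ")
                # "U name" is a hard requirement; weak ("w") refs are optional.
                if (n == 2 && f[1] == "U") {
                    s = f[2]; sub(/@.*/, "", s)
                    if (!(s in have)) print s
                }
            }
        }' | sort -u
}

# demo: constructed nm output modelled on the state after the partial fix.
demo() {
    d=$(mktemp -d)
    cat > "$d/legacy.nm" <<'EOF'
                 U CRYPTO_free@OPENSSL_3.0.0
                 U ossl_kdf_pvk_functions
                 U ossl_param_find_pidx
                 w __cxa_finalize
0000000000004a10 T OSSL_provider_init
EOF
    cat > "$d/libs.nm" <<'EOF'
00000000001a2b30 T CRYPTO_free@@OPENSSL_3.0.0
00000000003f1c80 D ossl_kdf_pvk_functions
EOF
    missing_syms "$d/legacy.nm" "$d/libs.nm"
    rm -rf "$d"
}

# Real use (library list is an assumption; take it from `ldd` on the module):
#   nm -D /usr/lib/ossl-modules/legacy.so > legacy.nm
#   nm -D <libcrypto> <libc> > libs.nm
#   missing_syms legacy.nm libs.nm
demo
```

An empty result means every hard undefined reference in the module is satisfied by the libraries supplied; weak references are deliberately ignored.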
