From owner-freebsd-ports@freebsd.org Tue Apr 14 22:39:38 2020 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C2E7C2CB9DE for ; Tue, 14 Apr 2020 22:39:38 +0000 (UTC) (envelope-from matthias.andree@gmx.de) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4920m93dfhz3PJ9 for ; Tue, 14 Apr 2020 22:39:37 +0000 (UTC) (envelope-from matthias.andree@gmx.de) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1586903975; bh=0bQHD26nneurqNZzCLQkXLVdD1psZwrDx3zaVnlmvDI=; h=X-UI-Sender-Class:From:Subject:To:References:Date:In-Reply-To; b=NOpdSccAi4tak8rwDVMZbC7DdGrH2W3HLOmqjfc3Tp1ThRzEPTtp8ta9z9A8okA9L vziRxMcDJL5vcw3c5RwZfSZ2ZZS/TisuD4JkL6gIYE17YfMJKQxqtLYaKOfIgIisZj sgoap8hjudpIrCX8x0vXW4zqkNjv7RrO0M2Ztblg= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from mandree.no-ip.org ([79.229.35.115]) by mail.gmx.com (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MNKhs-1jdNPR0uQk-00OoAp for ; Wed, 15 Apr 2020 00:39:35 +0200 Received: from ryzen.an3e.de (localhost [IPv6:::1]) by ryzen.an3e.de (Postfix) with ESMTP id BAE81120435 for ; Wed, 15 Apr 2020 00:39:34 +0200 (CEST) From: Matthias Andree Subject: Re: openssl problem after 11 -> 12 To: freebsd-ports@freebsd.org References: <1b820dcf-34ad-b7af-d25c-ea337f9376b2@nethead.se> <20200414150819.zpo7znhwipg65fsm@aching.in.mat.cc> <1232ac82-24c4-66e7-cdf6-db72fb769ed9@nethead.se> <1e35fefe-b8a8-0dc5-5b4a-adf205ff4263@nethead.se> Message-ID: Date: Wed, 15 Apr 2020 00:39:34 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 MIME-Version: 1.0 In-Reply-To: <1e35fefe-b8a8-0dc5-5b4a-adf205ff4263@nethead.se> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:jTy7ce7psGEzSsaRvPzXju4EznYN4oPJzM5grTdAfDAB8O9hAd7 w863C6TfKahPyfXJAnsf2e6hGRdwovTXZFnNPAdN14l0SLFO4JUypj4CIdAyFtbfdsnJcTV N1y2HEwm8ayJ8D7galoa1kjnX7+41pxGWpkzOw2o2pHPuw8Kjk4o671r0Q/cMmNgq06WAN1 91HTOCegu1FiLYVjWz0FQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:ODZ+n0lEOas=:cjQHLjJNy3U2ng8nPOvhjw p0Br5E6duJfuTF+JFbXVSQueuXmJOPVqpzA50D8wr642b3Y3Pzj2L4cjnaQzOPHqnJiUzO2L5 Ch5wKQICo/yPwl3FiGnLfdf8ZJ++aUfPnZtvsc27ciFZsfrWQaHZZTtOKdzyiTRWpCbCXiPLF ehtqH4zcfHUjZLGqOpiTN0r7JVgrXKrXJJ9wD+bW9x9hiW7dZmdmFJtlL3Pb/MtkcfXA+JPtS 55rf0gLGnm5LzSdaza4z1IIY4rdk/o3L7v7Es8NGfQhF4LQW1jkPskHk8ttOqUTpzu4q6plW5 gdf0Up5C1Pk23nMWq16QVkwgw/ox0LanYFHs/vL/2CpBuxw35ZAf7rCnxiLTce03/4zSKPPd2 O3hFCTjoKx3fJALPpaKY4iUfDkexpzCdkazgeRmP+7z+x02xdPcDULf1mNH64LwkomECQqZaJ w7Cm0DHX9oBF4FGVIvFRBPHL/KMRFajJuktVjENpQXlLCGlAv1QTYZHqgNf+nE/tcpYuXCuYi Q7NyMXvY3ikvq0TPg9gIQVVLoRAxaApjR/FnkxBADWiHubGO7f6lvz5brAYah6X9nJ1ekqAyx mmMXw7ZQjHN+VgRRjOe5NkIFQ7VRr+MnM0+8PK4Sk4H400WIW5qhBS6lvTBb5yfBloCSvJ8k2 9u4Zj1+MVgACikPBsTRbSmpCwVv/P+5qO+vASKY4CqFUyXwLV4ChbKGsloR+YOYkJdc7raSww vElR0d+tJ7NP+wkwLrlSiwc8lpyTx5cIHEtJZtMapB+CgHTkVE2jr8DVuOe/fpK6bILQ/LX4R 6SZhKue6WK2W+DYyqzCBZXdMevn3Tqo+dsvr/3AVFjShAsfVF+/4/bhwMemnyebOFeI3Ncct8 0vxufL0Xu+gqU76T+bY2QoI7IrnbFTBGs7hTFma/eL7b/efel1RsetIfAOwOiK5lUnl4eKYRQ u7s39UuF31zPFL/koJnMOWTbdKT5pOriZy1Mf1zUN3c29zXbJQUM+uhvUK78RTSFz2mSlCsiw 64uiTObP/c1s0Bd5D+iauJe/ologPiewsFqRHVCQ7iO+L7P147UZ3ig+19hwM0UZGFqQHKI/J FoZ0TvpdpzONeauPbKxIA4D3yaKSQ+JtmLUblOBy/6/6YpQce9K2vNYz+HRpNkOOlZbQGrNwr uFxc51cm5GqSO755E1grcloEg/ItOfiIXJSkVDy2+Uv2DnBnHkzLyFTzuzvd0lmDkJe2bD+1F KmV3aoAhqh7YWLblo X-Rspamd-Queue-Id: 4920m93dfhz3PJ9 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=NOpdSccA; dmarc=none; spf=pass (mx1.freebsd.org: domain of matthias.andree@gmx.de designates 212.227.15.15 as permitted sender) smtp.mailfrom=matthias.andree@gmx.de X-Spamd-Result: default: False [-2.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.227.15.0/25]; FREEMAIL_FROM(0.00)[gmx.de]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmx.net:+]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(0.00)[ip: (-7.15), ipnet: 212.227.0.0/16(-1.16), asn: 8560(2.10), country: DE(-0.02)]; RCVD_IN_DNSWL_LOW(-0.10)[15.15.227.212.list.dnswl.org : 127.0.3.1]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[115.35.229.79.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmx.net:s=badeba3b8450]; FROM_HAS_DN(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmx.de]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-ports@freebsd.org]; DMARC_NA(0.00)[gmx.de]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Apr 2020 22:39:38 -0000 > Finally managed to figure it out, you need to tell the perl script > exactly what cipher to use, so I added to 'check_ilo2_health.pl': > --sslopts 'SSL_verify_mode => SSL_VERIFY_NONE, SSL_version => > "TLSv1_1", SSL_cipher_list => "EDH-RSA-DES-CBC3-SHA"' > > Works with openssl from ports. But "SSL_VERIFY_NONE" should be unrelated to the versioning/cipher issues. If you need SSL_VERIFY_NONE, then the certificate and/or chains and/or trusts are not configured properly.