Date: Mon, 13 Jul 2015 19:13:51 -0400 From: Brandon Allbery <allbery.b@gmail.com> To: Kevin Oberman <rkoberman@gmail.com> Cc: Matt Smith <fbsd@xtaz.co.uk>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org> Subject: Re: WITHOUT_OPENSSL and make delete-old Message-ID: <CAKFCL4XRPYUh3foORzyMyXfHKif=TvQPJuBQdToXGmVwBLAHSg@mail.gmail.com> In-Reply-To: <CAN6yY1sYMk00Eog6wuup-oZpkZFTopiHGy=%2BZhPxC02zk8xymQ@mail.gmail.com> References: <20150713140352.GB1284@xtaz.uk> <CAN6yY1u4M7AD%2Bw%2BkdPu4JYQh45R6zdHm7Z3Vp0QSsNtN9scBkg@mail.gmail.com> <20150713191414.GC1284@xtaz.uk> <CAKFCL4WeT4da_MJk_pyLKeJ0HFvXrYSNjPxbVDZyLZ0X%2B6LL=g@mail.gmail.com> <CAN6yY1sYMk00Eog6wuup-oZpkZFTopiHGy=%2BZhPxC02zk8xymQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 13, 2015 at 6:58 PM, Kevin Oberman <rkoberman@gmail.com> wrote:
> Annoying! ssh has explicitly never used of OpenSSL. I just confirmed that
> it still does not. It does use gssapi and kerberos, so even though it makes
> no use of OpenSSL, it does use those two things which are not actually part
> of OpenSSL. If you check /usr/src/crypto/openssl, there is no gssapi or
> kerberos there. Both of these are in the heimdal sources. Looks to me like WITHOUT_OPENSSL
> is really without a few other things but NOT OpenSSL. Very weird.
>
Um? On most platforms OpenSSH uses OpenSSL's libcrypto. This was a FAQ
nearly everywhere when there was a bug in the SSL/TLS part of OpenSSL and
OpenSSH was updated as part of it ("no, OpenSSH is not vulnerable, but it
depends on OpenSSL's libcrypto; while that part was not buggy, it had to be
updated at the same time as the buggy TLS part").
--
brandon s allbery kf8nh sine nomine associates
allbery.b@gmail.com ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKFCL4XRPYUh3foORzyMyXfHKif=TvQPJuBQdToXGmVwBLAHSg>