Date: Sun, 6 May 2001 15:27:39 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Kris Kennaway" <kris@obsecurity.org>, "Doug Young" <dougy@bryden.apana.org.au> Cc: <freebsd-questions@FreeBSD.ORG> Subject: RE: Query on SSL / SSLeay Message-ID: <002801c0d67b$c22e2760$1401a8c0@tedm.placo.com> In-Reply-To: <20010506150040.B98841@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi All, These error messages and the info on the webmin site is justifyably confusing. Let me try to elucidate. Originally, before OpenSSL, if you wanted SSL on Webmin you installed SSLeay-0.9.0b.tar.gz and the Perl interface to it, Net_SSLeay.pm-1.03.tar.gz. The problem here was that SSLeay needed the copyrighted RSA libes, and it was defined as a munition (rather silly) preventing export and some more silly nonsense. Then, when OpenSSL was developed, the Perl interface was changed. Now, you use OpenSSL-0.9.3a and Net_SSLeay.pm-1.05.tar.gz FreeBSD includes OpenSSL in the crypto distro, and p5-Net-SSLeay-1.05 in ports, so as long as those two are in there, you get SSL with webmin. So, the upshot is that a lot of the info out there is intended to tell people NOT to use the newer p5-Net-SSLeay-1.05 with the older SSLeay libraries. It's all rather confusing because the various Crypto bigots are on a campaign to get people to stop using the older SSLeay libraries, and switch to OpenSSL. That's all fine and good but there's still older Unices (like Solaris 2.5.1 for the Sparc) which have problems compiling the OpenSSL code, and the OpenSSL people don't seem to be testing on those older Unices. So your limited to SSLeay and the 1.03 Perl SSLeay interface on those. Just remember the rule of thumb is: If you don't have OpenSSL in your Unix then try OpenSSL+ Perl SSLeay 1.05, but if it doesen't build then use SSLeay+ Perl SSLeay 1.03 and SSLeay libs go with Perl SSLeay 1.03 OpenSSL libs go with Perl SSLeay 1.05 and your fine. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kris Kennaway >Sent: Sunday, May 06, 2001 3:01 PM >To: Doug Young >Cc: Kris Kennaway; freebsd-questions@FreeBSD.ORG >Subject: Re: Query on SSL / SSLeay > > >On Sun, May 06, 2001 at 10:47:19PM +1000, Doug Young wrote: >> SSLeay isn't in ports. SSLeay is what OpenSSL used to be called about >> 5 years ago. What's the _real_ error message? :-) >> >> Checking for OpenSSL-o.9.3a or newer ... >> I could not find your OpenSSL in '/usr/local/ssl' >> Please provide OpenSSL-0.9.3a installation directory (get from >> http://www.openssl.org/ if you don't have it ; >> please note that SSLeay is no longer supported, see README) (C-c >to abort): >> >> Now when I installed webmin it told me it couldn't enable SSL >unless SSLeay >> was available. The webmin homepage confirmed this, so what gives here ?? > >I'm still confused. That message above says explicitly that SSLeay is >not supported, you have to have OpenSSL 0.9.3a or later. It's also an >error message from the p5-Net-SSLeay-1.05 port, not the webmin port >(which it is a dependency of). > >FreeBSD 4.3 includes a version of OpenSSL 0.9.6, and I just checked >the build and verified that it finds the system version of OpenSSL >correctly. All you need to do is install that. > >Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002801c0d67b$c22e2760$1401a8c0>