Date: Wed, 11 Mar 2015 09:15:49 -0700 From: Gregory Shapiro <gshapiro@freebsd.org> To: Philip Guenther <pguenther@proofpoint.com> Cc: freebsd security <freebsd-security@freebsd.org>, Julian Elischer <julian@freebsd.org> Subject: Re: sendmail broken by libssl in current Message-ID: <20150311161549.GB16749@C02KM089FFRR.corp.proofpoint.com> In-Reply-To: <alpine.BSO.2.20.1503110042030.28688@morgaine.local> References: <54FFE774.50103@freebsd.org> <alpine.BSO.2.20.1503110042030.28688@morgaine.local>
next in thread | previous in thread | raw e-mail | index | archive | help
First, thank you Philip for jumping on this. Much appreciated. > This wonderful change (cough) to include SSL_OP_TLSEXT_PADDING in > SSL_OP_ALL was addressed in sendmail 8.15.1, which explicitly removes > SSL_OP_TLSEXT_PADDING from the default ClientSSLOptions value if that > #define exists. I believe Greg is working on importing that to FreeBSD. sendmail 8.15.1 is imported into the vendor area but not merged due to an incompatible change that is being moved into a run-time configuration variable in 8.15.2. Rather than expose the FreeBSD populate to the churn from that change, I am skipping 8.15.1 and will import 8.15.2. That being said, I can certainly make the local fix that Philip mention to take care of the padding issue. Is the new libssl in 11-CURRENT going to be/already been MFC'ed to other branches?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150311161549.GB16749>