Date:      Wed, 13 Aug 2025 21:26:26 -0400
From:      Ian FREISLICH <ianfreislich@gmail.com>
To:        Pierre Pronchery <khorben@defora.org>, "Enji Cooper (yaneurabeya)" <yaneurabeya@gmail.com>
Cc:        FreeBSD Current <current@freebsd.org>
Subject:   Re: OpenSSL legacy provider is broken
Message-ID:  <a20e5fda-10c6-4df3-96ca-cf12b41da70b@gmail.com>
In-Reply-To: <5FCF8EF0-4473-40E9-94D2-FA5AD96D2418@defora.org>
References:  <b3f09f1b-e946-4bf1-822d-243dcd0dcd02@gmail.com> <B43DA54A-0017-42CA-A1FE-15F28048FEF0@gmail.com> <5FCF8EF0-4473-40E9-94D2-FA5AD96D2418@defora.org>


On 2025-08-10 06:53, Pierre Pronchery wrote:
> Hey,
> 
>> On 10 Aug 2025, at 04:32, Enji Cooper (yaneurabeya) <yaneurabeya@gmail.com> wrote:
>>
>>
>>> On Aug 9, 2025, at 7:08 AM, Ian FREISLICH <ianfreislich@gmail.com> wrote:
>>>
>>> Previously this worked
>>>
>>> [brane] /usr/ports # openssl list -providers -provider legacy
>>> Providers:
>>> legacy
>>>    name: OpenSSL Legacy Provider
>>>    version: 3.0.16
>>>    status: active
>>>
>>> Since the build last night,
>>>
>>> [router] /usr/ports/net/freeradius3 # openssl list -providers -provider legacy
>>> list: unable to load provider legacy
>>> Hint: use -provider-path option or OPENSSL_MODULES environment variable.
>>> 10B045DBE7340000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_kdf_pvk_functions"
>>> 10B045DBE7340000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
>>> 10B045DBE7340000:error:07880025:common libcrypto routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy
>>>
>>> and freeradius doesn't start because of this:
>>>
>>> [router] /usr/ports/net/freeradius3 # radiusd -fX
>>> FreeRADIUS Version 3.2.7
>>> ...
>>> (TLS) Failed loading legacy provider
>>>
>>> I haven't yet figured out what part of my EAP configuration needs the legacy provider. It may be that EAP just needs a working legacy provider because it looks like the EAP module unconditionally attempts to load the provider and fails.
> 
> It could well be that it does.
> 
> Regardless I didn’t mean to break the legacy provider, but it’s
> certainly because of the OpenSSL 3.5.1 import. Sorry!
> 
> I have pushed a partial fix here, and will keep pushing to that
> branch until I get it to work fully again:
> https://github.com/khorben/freebsd-src/tree/khorben/openssl-3.5.1-legacy

That fixes this missing symbol, but here's the next error:

[router] ~ # openssl list -providers -provider legacy
list: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
10B0E52D30440000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_param_find_pidx"
10B0E52D30440000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
10B0E52D30440000:error:07880025:common libcrypto routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy

Is there a target/directory I can make in that will compile just
this? The no-clean default on buildworld doesn't seem to work and
compiling everything takes forever.

Ian
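
Added example, not part of the original message or of the FreeBSD/OpenSSL sources: a small Python triage helper that parses OpenSSL error-queue lines like the ones quoted above, rejoins entries a mail client has wrapped, and reports which provider failed, which module was being loaded and which symbols were unresolved. The function names `unwrap` and `triage` and the field names in the regular expression are assumptions made for this illustration.

```python
import re

# OpenSSL error-queue line: thread:error:code:library:function:reason:file:line:data
ERR_LINE = re.compile(
    r"^[0-9A-F]+:error:(?P<code>[0-9A-F]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]+):(?P<line>\d+):(?P<data>.*)$")
START = re.compile(r"^[0-9A-F]+:error:")

def unwrap(text):
    """Rejoin error entries that a mail client wrapped onto several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if START.match(line):
            entries.append(line)
        elif entries and line:
            entries[-1] += " " + line  # assumes wrapping happened at a space
    return entries

def triage(text):
    """Return provider, module path and unresolved symbols named in the errors."""
    report = {"provider": None, "module": None, "missing_symbols": []}
    for entry in unwrap(text):
        m = ERR_LINE.match(entry)
        if not m:
            continue
        data = m["data"]
        if sym := re.search(r'Undefined symbol "([^"]+)"', data):
            report["missing_symbols"].append(sym[1])
        if mod := re.search(r"filename\(([^)]+)\)", data):
            report["module"] = mod[1]
        if m["func"] == "provider_init" and (name := re.search(r"name=(\S+)", data)):
            report["provider"] = name[1]
    return report

# Error output from the message above, in its line-wrapped form
SAMPLE = """\
10B0E52D30440000:error:12800067:DSO support routines:dlfcn_load:could
not load the shared
library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so):
/usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_param_find_pidx"
10B0E52D30440000:error:12800067:DSO support routines:DSO_load:could not
load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
10B0E52D30440000:error:07880025:common libcrypto
routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```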

