Date: Sat, 9 Aug 2025 10:08:23 -0400 From: Ian FREISLICH <ianfreislich@gmail.com> To: FreeBSD Current <current@freebsd.org> Subject: OpenSSL legacy provider is broken Message-ID: <b3f09f1b-e946-4bf1-822d-243dcd0dcd02@gmail.com>
index | next in thread | raw e-mail
Hi
Previously this worked
[brane] /usr/ports # openssl list -providers -provider legacy
Providers:
legacy
name: OpenSSL Legacy Provider
version: 3.0.16
status: active
Since the build last night,
[router] /usr/ports/net/freeradius3 # openssl list -providers -provider
legacy
list: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
10B045DBE7340000:error:12800067:DSO support routines:dlfcn_load:could
not load the shared
library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so):
/usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_kdf_pvk_functions"
10B045DBE7340000:error:12800067:DSO support routines:DSO_load:could not
load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:147:
10B045DBE7340000:error:07880025:common libcrypto
routines:provider_init:reason(37):/usr/src/crypto/openssl/crypto/provider_core.c:1019:name=legacy
and freeradius doesn't start because of this:
[router] /usr/ports/net/freeradius3 # radiusd -fX
FreeRADIUS Version 3.2.7
...
(TLS) Failed loading legacy provider
I haven't yet figured out what part of my EAP configuration needs the
legacy provider. It may be that EAP just needs a working legacy provider
because it looks like the EAP module unconditionally attempts to load
the provider and fails.
Ian
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b3f09f1b-e946-4bf1-822d-243dcd0dcd02>