[Bug 272835] kinit(8) segmentation fault with openssl-3.0 in CURRENT

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 272835] kinit(8) segmentation fault with openssl-3.0 in CURRENT"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 21 Nov 2023 09:24:54 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272835

Joerg Pulz <Joerg.Pulz@frm2.tum.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #246375|0                           |1
        is obsolete|                            |

--- Comment #3 from Joerg Pulz <Joerg.Pulz@frm2.tum.de> ---
Created attachment 246458
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=246458&action=edit
patch to fix base heimdal and weak enctypes with base openssl-3.0.x v2

After thinking some more about this I propose we should fix this.

If we ship heimdal with weak enctypes enabled (what we do) it should work out
of the box.

This can be achieved in two ways:
1)
Modify the code so heimdal is loading the required OpenSSL legacy providers by
itself - see the attached patch.

2)
Modify the default OpenSSL configuration (/etc/ssl/openssl.cnf) we ship as
mentioned in my previous comment.

New versions of heimdal make use of heimdal's own md4/rc4 implementations in
lib/hcrypto. As this is not in our tree (see crypto/heimdal/FREEBSD-Xlist) it's
not an option.

-- 
You are receiving this mail because:
You are the assignee for the bug.