From: DutchDaemon - FreeBSD Forums Administrator
Organization: The FreeBSD Forums
To: freebsd-ports@freebsd.org
Date: Tue, 24 Oct 2023 14:54:31 +0200
Subject: FreeBSD 13 + CertBot + OpenSSL 3 - status?
Message-ID: <76713a44-1fa4-41ee-a4f9-177907e9a57f@FreeBSD.org>
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

Does anyone in 'port land' know what the current developments are wrt CertBot (or py-crypto under its hood)?

CertBot is happily compiling against OpenSSL 3 from ports, but when running 'certbot', the crypto side of it talks to the base system OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1 library does not understand the OpenSSL 3 calls made to it.

From what I understood, this was due to an error/regression in pkgconf(?) which causes some type of 'path reversal' that causes py-crypto to ignore the OpenSSL it was compiled against, favoring the base system library.

I either have to revert a whole lot of servers back to OpenSSL 1.1.1w from ports in order to renew certificates, or wait for "any movement" in getting the path reversal addressed/fixed.

So: does anyone know where we're at with this?

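Added example, not part of the original message: one way to confirm the mismatch described above is to look at which libssl/libcrypto files a compiled extension module resolves to at load time. The script classifies `ldd` output by path, assuming ports libraries live under /usr/local/lib and base system libraries under /lib or /usr/lib; the sample output, sonames and function names are constructed for illustration.

```python
import re
import sys

# Constructed sample in the shape of FreeBSD `ldd` output for a compiled
# Python extension; the path, sonames and addresses are illustrative only.
SAMPLE_LDD = """\
/path/to/extension.so:
\tlibssl.so.12 => /usr/local/lib/libssl.so.12 (0x800a00000)
\tlibcrypto.so.111 => /lib/libcrypto.so.111 (0x800c00000)
\tlibc.so.7 => /lib/libc.so.7 (0x800200000)
"""

LDD_LINE = re.compile(r"^\s*(lib(?:ssl|crypto)\.so\S*)\s+=>\s+(not found|\S+)")
PORTS_PREFIX = "/usr/local/lib/"        # assumption: default LOCALBASE
BASE_PREFIXES = ("/lib/", "/usr/lib/")  # base system library directories


def classify(path):
    """Label a resolved library path as ports, base, missing or other."""
    if path == "not found":
        return "missing"
    if path.startswith(PORTS_PREFIX):
        return "ports"
    if path.startswith(BASE_PREFIXES):
        return "base"
    return "other"


def openssl_origins(ldd_output):
    """Map each libssl/libcrypto soname to (resolved path, origin)."""
    found = {}
    for line in ldd_output.splitlines():
        m = LDD_LINE.match(line)
        if m:
            found[m.group(1)] = (m.group(2), classify(m.group(2)))
    return found


def check(ldd_output, expected="ports"):
    """Return a list of problems; an empty list means a consistent link."""
    libs = openssl_origins(ldd_output)
    if not libs:
        return ["no libssl/libcrypto dependency listed (static link?)"]
    return [f"{name} -> {path} is {origin}, expected {expected}"
            for name, (path, origin) in sorted(libs.items())
            if origin != expected]


if __name__ == "__main__":
    # Usage: ldd /path/to/extension.so | python3 this_script.py
    text = SAMPLE_LDD if sys.stdin.isatty() else sys.stdin.read()
    problems = check(text)
    print("\n".join(problems) or "OpenSSL libraries all resolve to ports")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one OpenSSL library resolves outside the expected prefix or cannot be found, so the check can gate a certificate renewal job.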