Re: FreeBSD 13 + CertBot + OpenSSL 3 - status?

From: Matthew Seaman <matthew_at_FreeBSD.org>
Date: Tue, 24 Oct 2023 16:24:10 UTC

On 24/10/2023 13:54, DutchDaemon - FreeBSD Forums Administrator wrote:
> Does anyone in 'port land' know what the current developments are wrt 
> CertBot (or py-crypto under its hood)?
> 
> CertBot is happily compiling against OpenSSL 3 from ports, but when 
> running 'certbot', the crypto side of it talks to the base system 
> OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1 library does not 
> understand the OpenSSL 3 calls made to it.
> 
> From what I understood, this was due to an error/regression in 
> pkgconf(?) which causes some type of 'path reversal' that causes 
> py-crypto to ignore the OpenSSL it was compiled against, favoring the 
> base system library.
> 
> I either have to revert a whole lot of servers back to OpenSSL 1.1.1w 
> from ports in order to renew certificates, or wait for "any movement" in 
> getting the path reversal addressed/fixed.
> 
> So: does anyone know where we're at with this?
> 

certbot is running just fine for me on stable/14 with openssl 3.x from 
ports.  Note that stable/14 has openssl 3.x in base.

	Cheers,

	Matthew
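
Added example, not part of the original messages: a small check for the mismatch described in the question, reporting whether a compiled Python crypto extension resolves `libssl`/`libcrypto` from the base system or from ports. It parses `ldd` output; the module name, library paths and sonames in the two samples are constructed for illustration, and `/usr/local` as the ports prefix is an assumption.

```python
import re

# One ldd(1) dependency line, e.g.
#   libcrypto.so.12 => /usr/local/lib/libcrypto.so.12 (0x800a00000)
LDD_LINE = re.compile(
    r"^\s*(lib(?:ssl|crypto)\.so\.\S+)\s+=>\s+(.+?)\s+\((?:0x)?[0-9a-f]+\)\s*$"
)

def openssl_origins(ldd_output, ports_prefix="/usr/local"):
    """Map each libssl/libcrypto soname to (resolved path, origin)."""
    prefix = ports_prefix.rstrip("/") + "/"
    found = {}
    for line in ldd_output.splitlines():
        m = LDD_LINE.match(line)
        if not m:
            continue  # header line or an unrelated library
        soname, target = m.groups()
        if target == "not found":
            origin = "missing"
        elif target.startswith(prefix):
            origin = "ports"
        else:
            origin = "base"
        found[soname] = (target, origin)
    return found

def linkage_problems(ldd_output, expect="ports"):
    """List every OpenSSL library that did not resolve from the expected origin."""
    return sorted(
        f"{so} -> {path} ({origin})"
        for so, (path, origin) in openssl_origins(ldd_output).items()
        if origin != expect
    )

# Constructed sample: extension resolving OpenSSL from the base system.
BASE_SAMPLE = """/usr/local/lib/python3.9/site-packages/example/_binding.so:
\tlibssl.so.111 => /usr/lib/libssl.so.111 (0x800a51000)
\tlibcrypto.so.111 => /lib/libcrypto.so.111 (0x800c00000)
\tlibc.so.7 => /lib/libc.so.7 (0x800e00000)
"""
# Constructed sample: the same extension resolving OpenSSL from ports.
PORTS_SAMPLE = """/usr/local/lib/python3.9/site-packages/example/_binding.so:
\tlibssl.so.12 => /usr/local/lib/libssl.so.12 (0x800a51000)
\tlibcrypto.so.12 => /usr/local/lib/libcrypto.so.12 (0x800c00000)
"""

if __name__ == "__main__":
    for problem in linkage_problems(BASE_SAMPLE):
        print("unexpected OpenSSL linkage:", problem)
```

On a real host, feed it the output of `ldd` run against the extension's shared object instead of the samples.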