From: DutchDaemon - FreeBSD Forums Administrator
To: ports@freebsd.org
Date: Tue, 24 Oct 2023 22:09:33 +0200
Subject: Re: FreeBSD 13 + CertBot + OpenSSL 3 - status?
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

On 24/10/2023 18:24, Matthew Seaman wrote:
> On 24/10/2023 13:54, DutchDaemon - FreeBSD Forums Administrator wrote:
>> Does anyone in 'port land' know what the current developments are wrt CertBot (or py-crypto under its hood)?
>>
>> CertBot is happily compiling against OpenSSL 3 from ports, but when running 'certbot', the crypto side of it talks to the base system OpenSSL 1.1.1, hence failing because the OpenSSL 1.1.1 library does not understand the OpenSSL 3 calls made to it.
>>
>> From what I understood, this was due to an error/regression in pkgconf(?) which causes some type of 'path reversal' that causes py-crypto to ignore the OpenSSL it was compiled against, favoring the base system library.
>>
>> I either have to revert a whole lot of servers back to OpenSSL 1.1.1w from ports in order to renew certificates, or wait for "any movement" in getting the path reversal addressed/fixed.
>>
>> So: does anyone know where we're at with this?
>>
>
> certbot is running just fine for me on stable/14 with openssl 3.x from ports. Note that stable/14 has openssl 3.x in base.
>
>     Cheers,
>
>     Matthew


Yes ;)


I knew that that would be 'the other option', but tracking -RELEASE and its patch levels is currently preferred over here.

Got a tip about 'dehydrated', so maybe that'll work for now, until 14-REL is on the books.

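Added example, not part of the original message or of any FreeBSD tooling: one way to check the symptom described in the thread, by classifying where `libssl` and `libcrypto` resolve from in `ldd` output for a crypto extension module. The function name, the module path and the sample lines are constructed for illustration; the split between base (`/lib`, `/usr/lib`) and ports (`/usr/local`) is the assumption it relies on.

```shell
#!/bin/sh
# Added example. Reads `ldd` output on stdin and reports whether libssl and
# libcrypto resolve from the base system (/lib, /usr/lib) or from ports
# (/usr/local). Last line printed is "verdict: base|ports|mixed|other|none".
classify_openssl_linkage() {
    awk '
        # ldd line shape: "libssl.so.N => /path/libssl.so.N (0x...)"
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 ~ /^\/usr\/local\//)       origin = "ports"
            else if ($3 ~ /^\/(usr\/)?lib\//) origin = "base"
            else                              origin = "other"
            print $1, origin, $3
            seen[origin] = 1; n++
        }
        END {
            if (n == 0)                             v = "none"
            else if (seen["base"] && seen["ports"]) v = "mixed"
            else if (seen["ports"])                 v = "ports"
            else if (seen["base"])                  v = "base"
            else                                    v = "other"
            print "verdict:", v
        }'
}

# Constructed samples (module path and ports version suffix are illustrative).
SAMPLE_BASE='/path/to/crypto_module.so:
	libssl.so.111 => /usr/lib/libssl.so.111 (0x800a00000)
	libcrypto.so.111 => /lib/libcrypto.so.111 (0x800c00000)
	libc.so.7 => /lib/libc.so.7 (0x800249000)'
SAMPLE_MIXED='/path/to/crypto_module.so:
	libssl.so.12 => /usr/local/lib/libssl.so.12 (0x800a00000)
	libcrypto.so.111 => /lib/libcrypto.so.111 (0x800c00000)'

printf '%s\n' "$SAMPLE_BASE"  | classify_openssl_linkage
printf '%s\n' "$SAMPLE_MIXED" | classify_openssl_linkage
```

On a live host the input would come from `ldd` run against the installed extension module; a `base` or `mixed` verdict on a system built against OpenSSL from ports matches the mismatch the poster describes.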