[Bug 273656] security/py-certbot: needs export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 in ${LOCALBASE}/etc/periodic/weekly/500.certbot-3.9 on systems with OpenSSL 3

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 273656] security/py-certbot: needs export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 in ${LOCALBASE}/etc/periodic/weekly/500.certbot-3.9 on systems with OpenSSL 3"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 20 Nov 2023 14:08:11 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273656

Franco Fichtner <franco@opnsense.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |franco@opnsense.org

--- Comment #3 from Franco Fichtner <franco@opnsense.org> ---
It appears that crypto parts of Python simply require legacy.so to be present
for OpenSSL 3 by default.  In security/openssl that is the LEGACY option, which
is also off by default.

Should each Python port be modified to add CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 ?

The comment in the patch is misleading: "If you did not expect this error, you
have likely made a mistake with your OpenSSL configuration."


Cheers,
Franco

-- 
You are receiving this mail because:
You are the assignee for the bug.