Regression in GSSAPI/libxh509 linking? [PR bin/147175]
Matthias Andree
matthias.andree at gmx.de
Tue Jul 6 22:26:07 UTC 2010
Am 06.07.2010, 21:00 Uhr, schrieb Matthew Seaman:
> On 06/07/2010 15:14:28, Andrew Reilly wrote:
>> So: how should I "fix" this, properly, on my -current system? Is it
>> as simple as installing heimdal from ports? I can't remove openssl-1.0:
>> that has 191 ports listed in its REQUIRED_BY file.
>
> Rebuild the port of openssl-1.0.0 after modifying the OPTIONS to include
> MD2=on ?
Not good given that MD2 is broken. Very broken, not just by a factor of
2^5 or something.
Where upon rests the earlier assertion (not by Matthew) that Kerberos V
needed MD2 checksums?
I can't seem to find that in the KRB5 protocol and checksum RFCs. If it's
not mandatory we may want to nuke MD2 from Kerberos to remedy a
weakness... Chapter and Verse welcome.
Thanks.
--
Matthias Andree
More information about the freebsd-current
mailing list