recompiling openssl in base system with -DOPENSSL_NO_HEARTBEATS
Matthias Apitz
guru at unixarea.de
Sun Apr 13 07:46:52 UTC 2014
On Sunday, April 13, 2014 at 09:03:40AM +0200, Matthias Apitz wrote:
>
> Hello,
>
> I run a bunch of -CURRENT systems and due to the OpenSSL HEARTBEAT issue
> I want to recompile the libssl.so in the base system with the option
> -DOPENSSL_NO_HEARTBEATS.
>
> What is the best procedure to do this?
I think the easy way is what I did now:
$ ./heartbleed/heartbleed localhost:631
VULNERABLE!
We have to recompile libssl.so.7:
# cd /usr/src/secure/lib/libssl
# vim ../libcrypto/Makefile.inc
Added -DOPENSSL_NO_HEARTBEATS to the line, as shown here:
# diff ../libcrypto/Makefile.inc*
12c12
< CFLAGS+= -DTERMIOS -DANSI_SOURCE -DOPENSSL_NO_HEARTBEATS
---
> CFLAGS+= -DTERMIOS -DANSI_SOURCE
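Review bot: the operands are in reverse order, so the `<` line is the edited Makefile.inc and the `>` line is the saved copy; read as a patch, this would remove -DOPENSSL_NO_HEARTBEATS rather than add it. Putting the saved copy first (or using `diff -u` with the files named explicitly) would show the flag as an addition on line 12. Because the flag goes into the CFLAGS line of ../libcrypto/Makefile.inc rather than a file under libssl, a comment next to it saying why it was added would help when this local change is later merged or dropped.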
# make
# make install
$ ~/heartbleed/heartbleed localhost:631
NOT VULNERABLE (TLS Heartbeat extension not supported by the server)
--
Matthias Apitz | /"\ ASCII Ribbon Campaign:
E-mail: guru at unixarea.de | \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ | X - No proprietary attachments
phone: +49-170-4527211 | / \ - Respect for open standards
| en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
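
What the second scanner result reflects at the protocol level, as an added example that is not part of the original post: a libssl built with -DOPENSSL_NO_HEARTBEATS no longer lists the heartbeat extension (type 15, RFC 6520) in its ServerHello. The function names and both ServerHello messages below are constructed for illustration.

```python
import struct

HEARTBEAT_EXT = 15  # extension type assigned by RFC 6520
MODES = {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"}

def heartbeat_mode(handshake: bytes):
    """Return the heartbeat mode byte in a ServerHello (no record header), or None."""
    if len(handshake) < 4 or handshake[0] != 2:
        raise ValueError("not a ServerHello")
    length = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + length]
    if len(body) != length or length < 35:
        raise ValueError("truncated ServerHello")
    pos = 34 + 1 + body[34] + 3  # version, random, session_id, cipher suite, compression
    if pos == len(body):
        return None              # no extensions block at all
    if pos + 2 > len(body):
        raise ValueError("truncated ServerHello")
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    if end > len(body):
        raise ValueError("extensions overrun the message")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + ext_len > end:
            raise ValueError("extension overruns the block")
        if ext_type == HEARTBEAT_EXT:
            if ext_len != 1:
                raise ValueError("malformed heartbeat extension")
            return body[pos]
        pos += ext_len
    return None

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: minimal TLS 1.2 ServerHello carrying `extensions`."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    return b"\x02" + len(body).to_bytes(3, "big") + body

RENEG = b"\xff\x01\x00\x01\x00"                 # renegotiation_info, empty
HEARTBEAT = b"\x00\x0f\x00\x01\x01"             # heartbeat, peer_allowed_to_send
BEFORE = build_server_hello(RENEG + HEARTBEAT)  # constructed: stock build
AFTER = build_server_hello(RENEG)               # constructed: NO_HEARTBEATS build

if __name__ == "__main__":
    for label, msg in (("before", BEFORE), ("after", AFTER)):
        print(label, MODES.get(heartbeat_mode(msg), "heartbeat not offered"))
```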