FreeBSD Security Advisory FreeBSD-SA-20:33.openssl
Franco Fichtner
franco at lastsummer.de
Fri Dec 11 12:28:55 UTC 2020
> On 11. Dec 2020, at 13:20, Martin Simmons <martin at lispworks.com> wrote:
>
>
>>
>>>>>> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said:
>>
>>>> On 11. Dec 2020, at 12:38 PM, Martin Simmons <martin at lispworks.com> wrote:
>>>
>>>>>>>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said:
>>>>
>>>> What are peoples thoughts on how to address the support mismatch between
>>>> FreeBSD and OpenSSL? And how to address it?
>>>
>>> Maybe it would help a little if the packages on pkg.FreeBSD.org all used the
>>> pkg version of OpenSSL? Currently, it looks like you have build your own
>>> ports if you want that.
>>
>> This pretty much breaks LibreSSL ports usage for binary package consumers.
>
> I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always
> use the base OpenSSL at the moment?
Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally.
In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL.
For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch.
Effectively, using the second tier crypto to emulate the first tier crypto would trash the second tier for everyone else.
Cheers,
Franco
More information about the freebsd-security
mailing list