On Mon, 1 Feb 2021 03:24:45 +0000 Rick Macklem <rmack...@uoguelph.ca> wrote:
> Rick Macklem wrote: > >Guido Falsi wrote: > >[good stuff snipped] > >>Performed a full bisect. Tracked it down to commit aa906e2a4957, adding > >>KTLS support to embedded OpenSSL. > >> > >>I filed a bug report about this: > >> > >>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 > >> > >> > >>Apart from switching to svn:// scheme, another workaround is to build > >>base using WITHOUT_OPENSSL_KTLS. > >Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls), > >they acted like things were ok (no handshake problems), but the data > >ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(), > >so it depends on ktls to do the encryption). > > > >Since these daemons work fine with openssl3 in ports/security/openssl-devel, > >I suspect the ktls backport is not quite right. I've sent jhb@ email. > I was wrong on the above. I did a full buildworld/installworld and the daemons > now seem to work with the openssl in head/main. > > Btw, did anyone try rebuilding svn from sources after doing > the system upgrade? > (The openssl library calls and .h files definitely changed.) Yes, I did, on all boxes and its a pain in the a..., we had to rebuild EVERY port (at least, I did, to avoid further problem). Yesterday, on of our fastes boxes got ready and even with a full rebuild of the system AND a full rebuild of the ports (no poudriere, traditional way via make), the Apache 2.4 webservice doesn't work, and so does subversion not (Firefox reports problems with SSL handshake, subversion is stuck/frozen forever). I will run today another full world build today, hopefully finishing on friday (portmaster -dfR doesn't get everything in line on some ports, I assume). oh > > rick > > rick > > -- > Guido Falsi <m...@madpilot.net> > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
pgpWSTdd57lVc.pgp
Description: OpenPGP digital signature
