On 2020-02-27 11:42, Willem Jan Withagen wrote:
On 27-2-2020 20:25, Miroslav Lachman wrote:
Willem Jan Withagen wrote on 2020/02/27 20:00:
Hi,
My ceph ports uses all kinds of python stuff, and now the trouble is
that I'm getting
an error on missing:
SSLv3_client_method
Which i guess, is because in the current openssl libs SSLv3 is
disabled.
And I sort of get this, SSLv3 is unsafe.
But I need it to be able to run parts of the ceph port.
So how do I get a openssl lib dependancy that has SSLv3 enabled.
You can build OpenSSL 1.1.1 from the ports where you can enable SSLv3
in the options dialog.
https://www.freshports.org/security/openssl/
The defaults are:
====> Protocol Support
NEXTPROTONEG=on: Next Protocol Negotiation (SPDY)
SCTP=on: SCTP (Stream Control Transmission)
SSL3=off: SSLv3 (unsafe)
TLS1=on: TLSv1.0 (requires TLS1_1, TLS1_2)
TLS1_1=on: TLSv1.1 (requires TLS1_2)
TLS1_2=on: TLSv1.2
Yup, this is what I did, and that works.
But how do I do that for a port? And the make sure that the installer
of the ceph-package gets an openssl that had SSLv3
It may be best to build an internal package with the options you need
configured accordingly. I do this via poudriere for some of my internal
software. For example I have this file on my package builder:
/usr/local/etc/poudriere.d/make.conf
which contains the following:
x11-servers_xorg-server_SET=FIXDRM
I think this matches the same format of make.conf you would use if
building the ports tree locally.
-pete
--
Pete Wright
p...@nomadlogic.org
@nomadlogicLA
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"