Re: problems with openssl in 4.0rc and ports/security/openssh
I installed a fresh 4.0 release candidate this morning, including the crypto stuff (des, kerberos...). Tried to install openssh from ports tree as well, but couldn't. It was looking for /usr/include/openssl/rsa.h which was not there, and I couldn't find a knob to turn RSA requirement off. Where did you obtain your crypto sources from? You should be using internat.freebsd.org, which should have the RSA header (i.e you should not be using a US mirror site). Can you verify this? No sources, binary install. I haven't updated the openssh port yet to use the system version of openssl - once it's updated it will point you to a section of the handbook to explain what you need to do first (Chapter 6.5, thanks Jim :-) if it can't build with the version of openssl you currently have. The packages it refers to aren't yet available, because I haven't had the time to build them, but I'll either be doing this tonight or over the weekend. You'll have to rebuild from source as it explains there. hmm... ok. well, not too very important I guess, just a shame that it didn't work. -- Nice testing in little China... To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
internat:/home/ftp/pub/FreeBSD/releases/i386/4.0-2211-SNAP/des cat des.?? | tar -tzvf - | grep rsa -r--r--r-- root/wheel12208 Feb 12 07:09 2000 usr/include/openssl/rsa.h Or is there something that I miss? That looks right. I think the original person was getting their crypto from the wrong place. The original person was not getting crypto anywhere, just installing from the install floppies, which didn't seem to work somehow for installing this port. That is all -- Nice testing in little China... To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
On Sat, 12 Feb 2000, Motoyuki Konno wrote: Related question: Are there any plan to distribute USA_RESIDENT=NO version of des binary distribution? If not, non-USA users must rebuilt the crypto libraries from source to use international-crypto packages. The des distribution (des/des.??) of the 4.0 release candidate does not includes RSA headers nor RSA binaries, because they were built as USA_RESIDENT=YES. Are you referring to the crypto distribution? Mark Murray ([EMAIL PROTECTED]) is the person you need to talk to about non-US crypto stuff. Kris "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
Related question: Are there any plan to distribute USA_RESIDENT=NO version of des binary distribution? If not, non-USA users must rebuilt the crypto libraries from source to use international-crypto packages. The des distribution (des/des.??) of the 4.0 release candidate does not includes RSA headers nor RSA binaries, because they were built as USA_RESIDENT=YES. Are you referring to the crypto distribution? Mark Murray ([EMAIL PROTECTED]) is the person you need to talk to about non-US crypto stuff. Well I'm not Mark Murray, but I have been building the snaps on internat and to me it looks like rsa.h is included: internat:/home/ftp/pub/FreeBSD/releases/i386/4.0-2211-SNAP/des cat des.?? | tar -tzvf - | grep rsa -r--r--r-- root/wheel12208 Feb 12 07:09 2000 usr/include/openssl/rsa.h Or is there something that I miss? John -- John Hay -- [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
On Sat, 12 Feb 2000, John Hay wrote: and to me it looks like rsa.h is included: internat:/home/ftp/pub/FreeBSD/releases/i386/4.0-2211-SNAP/des cat des.?? | tar -tzvf - | grep rsa -r--r--r-- root/wheel12208 Feb 12 07:09 2000 usr/include/openssl/rsa.h Or is there something that I miss? That looks right. I think the original person was getting their crypto from the wrong place. Kris "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
The problem initially reported was made worse by a couple of things. First, Kris has not yet committed the changes to the openssh port so that it will issue errors about the cryptography not being installed "correctly". This will not be in all ports that use openssl when 4.0 is released. The ports which will not be modified are the ones which are using configure to find openssl and have not had build problems reported. (I have been looking at bento's error reports, but not on the ports mailing list since I can't handle the additional e-mail volume.) These include several ports which simply disable SSL when they do not link correctly when they test for the existence of openssl (RSA symbols undefined). (If you come across any ports like this, please let Kris and me know so we can patch the port.) I also still have a couple ports in this class to be completed. The ports Kris and I have fixed also will use the system version of openssl over the port if it is installed. Unpatched ports may use either version if the openssl port is installed. Next, the error messages in ports/MK/bsd.ports.mk refer to a section of the handbook which had not been committed when the release candidate was created (and is still not on the web). We still need the packages (USA and international) created to upgrade the cryptography to include RSA. In conclussion, this will never be completed fixed (until all of the legal issues disappear). People will need to manually install upgraded cryptography as part of installing. The original complaint just points out that we are not yet at the point where we want to be for the final release of 4.0, but that was why 4.0RC was created. Jim Bloom [EMAIL PROTECTED] Kris Kennaway wrote: On Sat, 12 Feb 2000, John Hay wrote: and to me it looks like rsa.h is included: internat:/home/ftp/pub/FreeBSD/releases/i386/4.0-2211-SNAP/des cat des.?? | tar -tzvf - | grep rsa -r--r--r-- root/wheel12208 Feb 12 07:09 2000 usr/include/openssl/rsa.h Or is there something that I miss? That looks right. I think the original person was getting their crypto from the wrong place. Kris To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
Are there any plan to distribute USA_RESIDENT=NO version of des binary distribution? I have no current plans to build such a thing and am USA_RESIDENT myself so it would be a questionable thing from a legal standpoint, I think. I can hardly wait until September when the RSA patent expires! :) - Jordan To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
In message [EMAIL PROTECTED], "Jordan K. Hubbard" writes: Are there any plan to distribute USA_RESIDENT=NO version of des binary distribution? I have no current plans to build such a thing and am USA_RESIDENT myself so it would be a questionable thing from a legal standpoint, I think. I can hardly wait until September when the RSA patent expires! :) Could somebody send a short overview of the "crypto in FreeBSD" situation ? I bet there are more people than me who have lost track of what is in, what is out and what USA_RESIDENT changes... -- Poul-Henning Kamp FreeBSD coreteam member [EMAIL PROTECTED] "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
On Sat, 12 Feb 2000, Poul-Henning Kamp wrote: Could somebody send a short overview of the "crypto in FreeBSD" situation ? I bet there are more people than me who have lost track of what is in, what is out and what USA_RESIDENT changes... See the new chapter 6.5 in the handbook for an explanation of the openssl situation. That's all thats really changed lately. Kris "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
Hi Mark! I installed a fresh 4.0 release candidate this morning, including the crypto stuff (des, kerberos...). Tried to install openssh from ports tree as well, but couldn't. It was looking for /usr/include/openssl/rsa.h which was not there, and I couldn't find a knob to turn RSA requirement off. If you have USA_RESIDENT set to "NO", make sure, you cvsup crypto sources from cvsup.internat.freebsd.org. cvsup.de.freebsd.org (e.g.) carries US crypto sources which don't install RSA since they have to use RSAREF. HTH, Patrick To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: problems with openssl in 4.0rc and ports/security/openssh
On Fri, 11 Feb 2000, Mark Huizer wrote: I installed a fresh 4.0 release candidate this morning, including the crypto stuff (des, kerberos...). Tried to install openssh from ports tree as well, but couldn't. It was looking for /usr/include/openssl/rsa.h which was not there, and I couldn't find a knob to turn RSA requirement off. Where did you obtain your crypto sources from? You should be using internat.freebsd.org, which should have the RSA header (i.e you should not be using a US mirror site). Can you verify this? I haven't updated the openssh port yet to use the system version of openssl - once it's updated it will point you to a section of the handbook to explain what you need to do first (Chapter 6.5, thanks Jim :-) if it can't build with the version of openssl you currently have. The packages it refers to aren't yet available, because I haven't had the time to build them, but I'll either be doing this tonight or over the weekend. You'll have to rebuild from source as it explains there. Kris "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
