Re: openssl 0.9.8 breaking things
On Sep 28, 2005, at 7:26 PM, Gary Kline wrote: On Wed, Sep 28, 2005 at 06:48:03PM +0200, Daniel Gerzo wrote: Hello Mark, Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to our collective wisdom: Just upgraded to openssl 0.9.8 and things are breaking, namely exim and cyrus-imap. Non-SSL connections work, SSL connections cause a segfault. I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is there some way to make this work with 0.9.8? Have I totally missed something here? you need to recompile your software (exim,cyrus-imap,...) against new openssl libs. I'll toss in my two cents here just FWIW. I had troubles with all sorts of sh* (stuff) breaking when I touched openssl. I had not---or maybe I did, inadvertently--used the openssl port. I *had* to use /usr/src/secure/openssl/whatever; when applications began breaking. I pkg_deleted openssl and rebuilt the native /usr/src/* stuff. These apps are tightly interdependent; that's why you are seeing things break. This may or may not work generally. It cost me at least a day's investigation ... and I'm *still* not sure that everything's right. I think I have a clue as to why this is becoming complicated. I didn't have either WITH_OPENSSL_BASE=yes or WITH_OPENSSL_PORT=yes in / etc/make.conf. What must be happening is that some things are using the base openssl, and some are using the port, which is causing a conflict. That's my guess. For whatever reason, the 0.9.7g port doesn't cause a conflict, whereas 0.9.8 does. I don't really see the point of having the openssl port installed, in my case. Its only installed because some port wanted it and built it, and I didn't have WITH_OPENSSL_BASE=yes set. So, I'm now going to set WITH_OPENSSL_BASE=yes, remove the openssl port, and rebuild everything that depended upon the openssl port. Can anyone either refute any of the above guesses, or tell me why I am a fool to go with the base openssl rather than the port? Thanks! -- Mark Edwards [EMAIL PROTECTED] cell: +46704070332 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: openssl 0.9.8 breaking things
On Thu, Sep 29, 2005 at 11:05:33AM +0200, Mark Edwards wrote: On Sep 28, 2005, at 7:26 PM, Gary Kline wrote: I think I have a clue as to why this is becoming complicated. I didn't have either WITH_OPENSSL_BASE=yes or WITH_OPENSSL_PORT=yes in / etc/make.conf. What must be happening is that some things are using the base openssl, and some are using the port, which is causing a conflict. That's my guess. For whatever reason, the 0.9.7g port doesn't cause a conflict, whereas 0.9.8 does. I don't really see the point of having the openssl port installed, in my case. Its only installed because some port wanted it and built it, and I didn't have WITH_OPENSSL_BASE=yes set. So, I'm now going to set WITH_OPENSSL_BASE=yes, remove the openssl port, and rebuild everything that depended upon the openssl port. Thanks for finding this! I believe in the KISS philosophy: Keep it simple, Sir. The only time I used a non-system-default port was when the default named was v8 and I used the v9 in ports. Otherwise, FreeBSD has a great selection of security programs as its default. It may be that some admins go for the bleeding-edge ports. --Anyway, I've added the openssl_base=yes to make.conf. I've added openssl to the local/etc/pkgtools.conf to my HOLD_PKGS list. gary Can anyone either refute any of the above guesses, or tell me why I am a fool to go with the base openssl rather than the port? Thanks! -- Mark Edwards [EMAIL PROTECTED] cell: +46704070332 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Gary Kline [EMAIL PROTECTED] www.thought.org Public service Unix ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
openssl 0.9.8 breaking things
Just upgraded to openssl 0.9.8 and things are breaking, namely exim and cyrus-imap. Non-SSL connections work, SSL connections cause a segfault. I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is there some way to make this work with 0.9.8? Have I totally missed something here? This is FreeBSD 4.11. Thanks! -- Mark Edwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: openssl 0.9.8 breaking things
Hello Mark, Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to our collective wisdom: Just upgraded to openssl 0.9.8 and things are breaking, namely exim and cyrus-imap. Non-SSL connections work, SSL connections cause a segfault. I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is there some way to make this work with 0.9.8? Have I totally missed something here? you need to recompile your software (exim,cyrus-imap,...) against new openssl libs. This is FreeBSD 4.11. Thanks! -- Best Regards, DanGer, ICQ: 261701668 | e-mail protecting at: http://www.2pu.net/ http://danger.rulez.sk | proxy list at:http://www.proxy-web.com/ | FreeBSD - The Power to Serve! [ Was Jimi Hendrix's modem a `[1;35mPurple Hayes`[0m? ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: openssl 0.9.8 breaking things
On Sep 28, 2005, at 6:48 PM, Daniel Gerzo wrote: Hello Mark, Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to our collective wisdom: Just upgraded to openssl 0.9.8 and things are breaking, namely exim and cyrus-imap. Non-SSL connections work, SSL connections cause a segfault. I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is there some way to make this work with 0.9.8? Have I totally missed something here? you need to recompile your software (exim,cyrus-imap,...) against new openssl libs. Thanks, I'm getting it under control now. I tried recompiling things at first, but I missed a component, which made it seem like there was just an incompatibility. Its slowly coming back to life now... -- Mark Edwards [EMAIL PROTECTED] cell: +46704070332 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: openssl 0.9.8 breaking things
On Wed, Sep 28, 2005 at 06:48:03PM +0200, Daniel Gerzo wrote: Hello Mark, Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to our collective wisdom: Just upgraded to openssl 0.9.8 and things are breaking, namely exim and cyrus-imap. Non-SSL connections work, SSL connections cause a segfault. I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is there some way to make this work with 0.9.8? Have I totally missed something here? you need to recompile your software (exim,cyrus-imap,...) against new openssl libs. This is FreeBSD 4.11. Thanks! I'll toss in my two cents here just FWIW. I had troubles with all sorts of sh* (stuff) breaking when I touched openssl. I had not---or maybe I did, inadvertently--used the openssl port. I *had* to use /usr/src/secure/openssl/whatever; when applications began breaking. I pkg_deleted openssl and rebuilt the native /usr/src/* stuff. These apps are tightly interdependent; that's why you are seeing things break. This may or may not work generally. It cost me at least a day's investigation ... and I'm *still* not sure that everything's right. gary -- Gary Kline [EMAIL PROTECTED] www.thought.org Public service Unix ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: openssl 0.9.8 breaking things
On Sep 28, 2005, at 7:26 PM, Gary Kline wrote: On Wed, Sep 28, 2005 at 06:48:03PM +0200, Daniel Gerzo wrote: Hello Mark, Wednesday, September 28, 2005, 6:41:47 PM, you contributed this to our collective wisdom: Just upgraded to openssl 0.9.8 and things are breaking, namely exim and cyrus-imap. Non-SSL connections work, SSL connections cause a segfault. I'm going back to 0.9.7g using the WITH_OPENSSL_097 flag, but is there some way to make this work with 0.9.8? Have I totally missed something here? you need to recompile your software (exim,cyrus-imap,...) against new openssl libs. This is FreeBSD 4.11. Thanks! I'll toss in my two cents here just FWIW. I had troubles with all sorts of sh* (stuff) breaking when I touched openssl. I had not---or maybe I did, inadvertently--used the openssl port. I *had* to use /usr/src/secure/openssl/whatever; when applications began breaking. I pkg_deleted openssl and rebuilt the native /usr/src/* stuff. These apps are tightly interdependent; that's why you are seeing things break. This may or may not work generally. It cost me at least a day's investigation ... and I'm *still* not sure that everything's right. gary I take back what I said about things working. I was fooled into thinking things were working when I had deinstalled 0.9.8 and things started working again. I reinstalled 0.9.8 and things broke again, with no other changes. Now I'm reinstalling 0.9.7g and hoping for the best. I guess I have to install 0.9.8 and clean install everything that depends on it, at a time when I can have everything broken for several hours. Just rebuilding cyrus-imap, cyrus-sasl, and exim didn't do it. -- Mark Edwards [EMAIL PROTECTED] cell: +46704070332 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]