Chris,

Apologies for not answering your question. I was too wound up responding to Scott :-).

There are a couple of reasons that I don't think that it's present in the binary distribution. First is that the real-world use displays the exact same base problem... a fairly specific decryption failure which occurs only when the channel is idle (ping packets). Second, openvpn on 1.2RC2 fails the specific test case for the problem.

Yes, this is circumstantial. It is possible that there is another (new) defect that is causing the exact same problem. But this seems somewhat unlikely. I'm building openvpn from scratch and will test.


On a separate note, I see from Scott's email that the padlock module has been removed from the kernel (sometime before 1.0). Any idea of when it might go back in?

Denny



On Sep 10, 2007, at 14:22, Chris Buechler wrote:

Denny Page wrote:
Scott/Chris,

Agree that the padlock is not a security issue. It does represent a serious performance issue, however.

I installed the pfSense developer system (http://pfsense.untouchable.net/downloads/developers/pfSense-1.2-BETA-1.iso.gz) to see what would be required to build a corrected version. I was further surprised to find that the OpenSSL in the development environment (/usr/src/crypto/openssl/cryptio/engine/eng_padlock.c) already has the patch installed.

I have no prior experience with the pfSense developer environment, so please forgive me if this is a stupid question: Is there any reason that the fix appears to be present in the 1.2 Beta developer source but not in the 1.2RC2 binary distribution?

What you should find in the binary build is whatever is in FreeBSD RELENG_6_2 at the time of the image build.

What makes you think it's not included? (Ignoring the fact that it shouldn't matter since padlock isn't supported.)



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


