Rick Macklem wrote: >Guido Falsi wrote: >[good stuff snipped] >>Performed a full bisect. Tracked it down to commit aa906e2a4957, adding >>KTLS support to embedded OpenSSL. >> >>I filed a bug report about this: >> >>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 >> >> >>Apart from switching to svn:// scheme, another workaround is to build >>base using WITHOUT_OPENSSL_KTLS. >Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls), >they acted like things were ok (no handshake problems), but the data >ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(), >so it depends on ktls to do the encryption). > >Since these daemons work fine with openssl3 in ports/security/openssl-devel, >I suspect the ktls backport is not quite right. I've sent jhb_at_ email. I was wrong on the above. I did a full buildworld/installworld and the daemons now seem to work with the openssl in head/main. Btw, did anyone try rebuilding svn from sources after doing the system upgrade? (The openssl library calls and .h files definitely changed.) rick rick -- Guido Falsi <mad_at_madpilot.net> _______________________________________________ freebsd-current_at_freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" _______________________________________________ freebsd-current_at_freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"Received on Mon Feb 01 2021 - 02:24:48 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC