On 01/02/21 04:24, Rick Macklem wrote: > Rick Macklem wrote: >> Guido Falsi wrote: >> [good stuff snipped] >>> Performed a full bisect. Tracked it down to commit aa906e2a4957, adding >>> KTLS support to embedded OpenSSL. >>> >>> I filed a bug report about this: >>> >>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 >>> >>> >>> Apart from switching to svn:// scheme, another workaround is to build >>> base using WITHOUT_OPENSSL_KTLS. >> Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls), >> they acted like things were ok (no handshake problems), but the data >> ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(), >> so it depends on ktls to do the encryption). >> >> Since these daemons work fine with openssl3 in ports/security/openssl-devel, >> I suspect the ktls backport is not quite right. I've sent jhb_at_ email. > I was wrong on the above. I did a full buildworld/installworld and the daemons > now seem to work with the openssl in head/main. > > Btw, did anyone try rebuilding svn from sources after doing > the system upgrade? > (The openssl library calls and .h files definitely changed.) > The problem happens with svnlite from base, which should have been rebuilt and reinstalled with the system upgrade. I also tested with ports svn which I did rebuild in poudriere and force reinstalled. So, actually yes I did rebuild it, but I could force a new rebuild just to be sure. -- Guido Falsi <mad_at_madpilot.net>Received on Mon Feb 01 2021 - 07:23:43 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC