On 03/02/21 07:16, Hartmann, O. wrote: > On Mon, 1 Feb 2021 03:24:45 +0000 > Rick Macklem <rmacklem_at_uoguelph.ca> wrote: > >> Rick Macklem wrote: >>> Guido Falsi wrote: >>> [good stuff snipped] >>>> Performed a full bisect. Tracked it down to commit aa906e2a4957, adding >>>> KTLS support to embedded OpenSSL. >>>> >>>> I filed a bug report about this: >>>> >>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 >>>> >>>> >>>> Apart from switching to svn:// scheme, another workaround is to build >>>> base using WITHOUT_OPENSSL_KTLS. >>> Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls), >>> they acted like things were ok (no handshake problems), but the data >>> ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(), >>> so it depends on ktls to do the encryption). >>> >>> Since these daemons work fine with openssl3 in ports/security/openssl-devel, >>> I suspect the ktls backport is not quite right. I've sent jhb_at_ email. >> I was wrong on the above. I did a full buildworld/installworld and the daemons >> now seem to work with the openssl in head/main. >> >> Btw, did anyone try rebuilding svn from sources after doing >> the system upgrade? >> (The openssl library calls and .h files definitely changed.) > > Yes, I did, on all boxes and its a pain in the a..., we had to rebuild EVERY port (at > least, I did, to avoid further problem). Yesterday, on of our fastes boxes got ready and > even with a full rebuild of the system AND a full rebuild of the ports (no poudriere, > traditional way via make), the Apache 2.4 webservice doesn't work, and so does subversion > not (Firefox reports problems with SSL handshake, subversion is stuck/frozen forever). > I will run today another full world build today, hopefully finishing on friday (portmaster > -dfR doesn't get everything in line on some ports, I assume). Ass I said a confirmed woraround is building world with WITHOUT_OPENSSL_KTLS defined. -- Guido Falsi <mad_at_madpilot.net>Received on Wed Feb 03 2021 - 07:49:38 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC