On 03/02/21 17:02, John Baldwin wrote: > On 2/2/21 10:16 PM, Hartmann, O. wrote: >> On Mon, 1 Feb 2021 03:24:45 +0000 >> Rick Macklem <rmacklem_at_uoguelph.ca> wrote: >> >>> Rick Macklem wrote: >>>> Guido Falsi wrote: >>>> [good stuff snipped] >>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957, >>>>> adding >>>>> KTLS support to embedded OpenSSL. >>>>> >>>>> I filed a bug report about this: >>>>> >>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 >>>>> >>>>> >>>>> Apart from switching to svn:// scheme, another workaround is to build >>>>> base using WITHOUT_OPENSSL_KTLS. >>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which >>>> use ktls), >>>> they acted like things were ok (no handshake problems), but the data >>>> ended up on the wire unencrypted (nfs-over-tls doesn't do a >>>> SSL_write(), >>>> so it depends on ktls to do the encryption). >>>> >>>> Since these daemons work fine with openssl3 in >>>> ports/security/openssl-devel, >>>> I suspect the ktls backport is not quite right. I've sent jhb_at_ email. >>> I was wrong on the above. I did a full buildworld/installworld and >>> the daemons >>> now seem to work with the openssl in head/main. >>> >>> Btw, did anyone try rebuilding svn from sources after doing >>> the system upgrade? >>> (The openssl library calls and .h files definitely changed.) >> >> Yes, I did, on all boxes and its a pain in the a..., we had to rebuild >> EVERY port (at >> least, I did, to avoid further problem). Yesterday, on of our fastes >> boxes got ready and >> even with a full rebuild of the system AND a full rebuild of the ports >> (no poudriere, >> traditional way via make), the Apache 2.4 webservice doesn't work, and >> so does subversion >> not (Firefox reports problems with SSL handshake, subversion is >> stuck/frozen forever). >> I will run today another full world build today, hopefully finishing >> on friday (portmaster >> -dfR doesn't get everything in line on some ports, I assume). >> >> oh > > I tracked the subversion hang down to a bug in serf (an Apache library > used by > subversion). It would also affect any other software using serf. The > serf in > ports will also have to be patched. > I submitted your patch as a bug report to the serf port: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253214 -- Guido Falsi <mad_at_madpilot.net>Received on Wed Feb 03 2021 - 15:34:29 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC