search for: libressl

...06:38, Val Baranov <val.baranov at duke.edu> wrote: > AIX 7.1 TL5, OpenSSL ver. 1.1.1d. "vac.C" version 11.0.1.23 > Compilation error " The indirection operator cannot be applied to a pointer to an incomplete struct or union " (see full log below) produced for " libressl-api-compat.c ". > No such error if compiled with OpenSSL ver. 1.0.2r (and the earlier versions) > Any idea how to fix? Thank you Are you sure this is the 8.2p1 source? The line numbers from the error messages don't correspond to those in 8.2p1, but they do match 7.9p1. For example...

On 2018-04-07 11:24, Bernard Spil wrote: > On 2018-04-07 9:04, Joel Sing wrote: >> On Friday 06 April 2018 21:31:01 Bernard Spil wrote: >>> Hi, >>> >>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA >>> and >>> ECDSA private keys. >>> >>> Error loading key "./id_rsa": invalid format >>> >>> Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed >>> this >>>...

...his, but I only make it in step (4), needing the first three steps to set up a background to keep my own thoughts clear: 1) Fedora (via Jakub) shows it's possible to patch OpenSSH. 2) OpenVPN (via gert) shows it's possible to build a 'shim' of sorts that allows code to work with libreSSL and OpenSSL 1.1.0. 3) Using that phrase 'as far as I can see' again, it appears that OpenSSH doesn't really care that (1) and (2) are shown as possible. The changes required to implement these solutions, in the best view, can be seen as violating the 'simple/secure' precepts...

...nov <val.baranov at duke.edu> wrote: > > AIX 7.1 TL5, OpenSSL ver. 1.1.1d. "vac.C" version 11.0.1.23 > > Compilation error " The indirection operator cannot be applied to a pointer > to an incomplete struct or union " (see full log below) produced for " libressl- > api-compat.c ". > > No such error if compiled with OpenSSL ver. 1.0.2r (and the earlier > > versions) Any idea how to fix? Thank you > > Are you sure this is the 8.2p1 source? The line numbers from the error > messages don't correspond to those in 8.2p1, but th...

On Friday 06 April 2018 21:31:01 Bernard Spil wrote: > Hi, > > When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA and > ECDSA private keys. > > Error loading key "./id_rsa": invalid format > > Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed this > issue early on with LibreSSL 2.7 by converting the key to "new file &gt...

On Mon, Nov 9, 2015 at 5:35 PM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Nov 10, 2015 at 9:22 AM, Austin English <austinenglish at gmail.com> wrote: >> Howdy, >> >> I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for the >> ssl implementation. Unfortunately, this fails to work (tested on >> Debian Unstable and Gentoo): > [...] >> conftest.c:225:4: warning: implicit declaration of function 'exit' >> [-Wimplicit-function-declaration] >> exit(1); >>...

Howdy, I'm attempting to compile openssh-7.1p1 using libressl-2.2.4 for the ssl implementation. Unfortunately, this fails to work (tested on Debian Unstable and Gentoo): cd libressl-2.2.4 ./configure --prefix=/opt/libressl-2.2.4 && make -j8 && sudo make install cd ../openssh-7.1p1 ./configure --with-ssl-dir=/opt/libressl-2.2.4 fails with: ch...

...OpenSSL upstream actually been told directly by OpenSSH that this is a problem, or are they only hearing about this from users trying to compile OpenSSH against 1.1? I've only found evidence of the latter in public mailing list posts so far. > [ about the option of building OpenSSH against LibreSSL on Debian ] > > > This would be a pretty bad option for me as a distributor - it'd > > mean I'd have to keep track of LibreSSL security updates. > > In the past, that has proven noticeably less stressful than keeping > track of OpenSSL security updates, and i think...

libressl is a leaner and safer openssl Sent from ProtonMail Mobile On Wed, Nov 2, 2016 at 12:39 PM, Michael A. Peters <'mpeters at domblogger.net'> wrote: IMHO it would be acceptable to have a LibreSSL patch that is maintained by the people who want it. It's free software, and that kin...

On 02/07/2017 01:42 AM, Alice Wonder wrote: > The software collections looks like it might interfere with some of my > own packaging (repos that build upon EPEL to provide modern server > stack based on LibreSSL and a repo for modern multimedia) Where do you see a conflict? Those packages are structured to avoid conflict with the base platform, but installing into an alternate root (/opt/rh/<package collection>) and are normally active only when specifically enabled in a login session. That is...

Hi, Yesterday I tried to replace the system openssl in a gentoo system with libressl. With openssh an interesting issue popped up: * RAND_bytes in libressl calls arc4random * arc4random is a compat function both in openssh and libressl * arc4random from openssh uses RAND_bytes So what's happening is a recursion. arc4random wants to use RAND_bytes and RAND_bytes wants to use a...

...:15 PM, Ingo Schwarze <schwarze at usta.de> wrote: > Hi, > > jpbion at jfwest.com wrote on Wed, Oct 18, 2017 at 05:53:21AM -0700: > >> 4) As a first result, with no judgement on anyone, just looking at the >> data - the root cause of this issue seems to be the split of LibreSSL >> from OpenSSL > > No, you are totally misrepresenting the situation. The root cause > is the split of OpenSSL-1.1 from OpenSSL-1.0, and that OpenSSL > dumped the large and dangerous work of dealing with the large-scale > API change on each and every application project inste...

They have stated they are going to remain API compatible with 1.0.1h (or g, forget which they forked) - their new stuff is outside of libcrypto. On 11/02/2016 04:25 AM, Aki Tuomi wrote: > It does work today, I am just bit worried that it will keep on breaking > with libressl as they evolve their API. I would personally like to avoid > more ifdef hell if possible... > > Aki > > > On 02.11.2016 13:22, Michael A. Peters wrote: >> Standard way to fix it (on the LibreSSL page) is to check for >> LIBRESSL_VERSION_NUMBER - e.g. the patch attached...

Standard way to fix it (on the LibreSSL page) is to check for LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think catches them all where needed. Note the word think. It certainly appears to be working anyway with it. On 11/02/2016 04:07 AM, Aki Tuomi wrote: > After doing some testing by myself, I noticed that libressl,...

--On Tuesday, February 07, 2017 2:33 PM -0800 Alice Wonder <alice at domblogger.net> wrote: > What I mean is this - my LibreSSL package installs in /usr and not in > /opt and that is intentional, so that it is not possible to have both > opennsl-devel and libressl-devel installed at the same time, since they > both are the same API. That's the very problem that Software Collections endeavors to solve. If you...

Hello list, I've recently been working with LibreSSL on CentOS 7 and I thought I'd share it. I would be cautious about using it on production servers, but it seems to be behaving itself for me. https://librelamp.com/ I packaged it to install in parallel with OpenSSL rather than replace it. Apache (2.4.16), MariaDB (5.5.45) and PHP (5.6.12)...

Hi folks, I searched the list for LibreSSL and found only one mention of it! Has anyone gotten this working? I have it compiling no problem, but removing OpenSSL is another story of course. It seems to be compiled with FIPS support and of course there is no such thing in LibreSSL - that is something they tore out thanks, -Alan -- &quo...

.... Did I miss any significant development? In the `meantime', OpenSSL provides a kind of compat layer [3] which (they suggested) should be included in the downstream projects [4]. Is this enough / acceptable? What would the project like to see? I know that OpenBSD itself is more focused on the LibreSSL library but I would like to avoid that every one carries (and maintains) a big patch around. [0] https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-September/035378.html [1] I know that Fedora ships it. [2] https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-November/035456.html [3] h...

...underbird has a MITM vulnerability with its otherwise rather groovy >> auto-configuration feature. > >> https://librelamp.com/FooBird#security >> >> has what I think would be the easiest solution while keeping the >> ability to auto-configure stuff. > > As for LibreSSL et al, perhaps you could mention all your concerns on > Fedora ? Its the place where, it often seems, everything in Centos > originates from. > > You will benefit from your own mailing list/web forum. Your attitude and > concerns are not unique. > > I stopped using Fedora beca...

With 2.2.2 release http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt is there a paln to provide a drop-in replacement of OpenSSL? -- Ciao, luigi / +--[Luigi Rosa]-- \ Furious activity is no substitute for understanding. --H. H. Williams