On 01/02/21 04:24, Rick Macklem wrote:
Rick Macklem wrote:
Guido Falsi wrote:
[good stuff snipped]
Performed a full bisect. Tracked it down to commit aa906e2a4957, adding
KTLS support to embedded OpenSSL.
I filed a bug report about this:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
Apart from switching to svn:// scheme, another workaround is to build
base using WITHOUT_OPENSSL_KTLS.
Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls),
they acted like things were ok (no handshake problems), but the data
ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(),
so it depends on ktls to do the encryption).
Since these daemons work fine with openssl3 in ports/security/openssl-devel,
I suspect the ktls backport is not quite right. I've sent jhb@ email.
I was wrong on the above. I did a full buildworld/installworld and the daemons
now seem to work with the openssl in head/main.
Btw, did anyone try rebuilding svn from sources after doing
the system upgrade?
(The openssl library calls and .h files definitely changed.)
The problem happens with svnlite from base, which should have been
rebuilt and reinstalled with the system upgrade.
I also tested with ports svn which I did rebuild in poudriere and force
reinstalled.
So, actually yes I did rebuild it, but I could force a new rebuild just
to be sure.
--
Guido Falsi <m...@madpilot.net>
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
