First, my apologies for breaking the thread. We also had this issue and tried to find an acceptable solution. To make a long story short:

Please try to compile your application against the version of openssl available in the ports tree. As you already mentioned, (SA-09:15) breaks renegotiation with the base system's openssl by fixing a security issue (it actually does).

A prerequisite for the following is, of course, to install /usr/ports/security/openssl, which will give you openssl 0.9.8l. (You do not necessarily have to remove the base openssl.)

You may then set 'WITH_OPENSSL_PORT=YES' in /etc/make.conf and rebuild your application(s) via the ports; they should then be compiled correctly against the ports version.

Or, but this will only work if your application's configure script has a switch to set the path to ssl or openssl to the ports openssl's location, something like

    # setenv LD_LIBRARY_PATH /usr/local/lib    ## this actually may be removed after build

and configure with the appropriate option, maybe like

    # ./configure --openssl-path=/usr/local/lib

Just make sure it compiled properly. The output of ldd should show (apart from other):

    # ldd application
    /app/li/cation
    ......
    libssl.so.5 => /usr/local/lib/libssl.so.5 (0x881bc000)
    libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x88200000)
    ........

For the applications we use, this works with both versions of openssl on the same box, without any interference.

Considerations about this?

HTH
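
The ldd check described in the message above, as an added example that is not part of the original post: a shell function that reads ldd output and fails unless both libssl and libcrypto resolve under the ports library directory, which also catches a binary that mixes the ports libssl with the base libcrypto. PORTS_LIBDIR defaults to the /usr/local/lib path shown in the post; the sample ldd outputs, including the base-system paths in them, are constructed.

```shell
#!/bin/sh
# Added example: verify which OpenSSL a binary is linked against.
# PORTS_LIBDIR is an assumption taken from the paths shown in the post.
PORTS_LIBDIR="${PORTS_LIBDIR:-/usr/local/lib}"

# Reads ldd output on stdin, prints one line per libssl/libcrypto entry and
# returns 0 only if both are present and both resolve under PORTS_LIBDIR.
check_ssl_linkage() {
    awk -v dir="$PORTS_LIBDIR" '
        BEGIN { bad = 0 }
        # ldd lines look like: libssl.so.5 => /usr/local/lib/libssl.so.5 (0x...)
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            name = $1; sub(/\.so.*/, "", name)
            seen[name] = 1
            if (index($3, dir "/") == 1) {
                printf "ports  %s -> %s\n", $1, $3
            } else {
                printf "OTHER  %s -> %s\n", $1, $3
                bad = 1
            }
        }
        END {
            if (!seen["libssl"])    { print "MISSING libssl";    bad = 1 }
            if (!seen["libcrypto"]) { print "MISSING libcrypto"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: binary rebuilt against the ports OpenSSL.
sample_ports() {
    printf '%s\n' \
        'libssl.so.5 => /usr/local/lib/libssl.so.5 (0x881bc000)' \
        'libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x88200000)' \
        'libc.so.7 => /lib/libc.so.7 (0x88300000)'
}
# Constructed sample: binary still linked against the base-system OpenSSL.
sample_base() {
    printf '%s\n' \
        'libssl.so.5 => /usr/lib/libssl.so.5 (0x281bc000)' \
        'libcrypto.so.5 => /lib/libcrypto.so.5 (0x28200000)'
}
# Constructed sample: mixed linkage, ports libssl with base libcrypto.
sample_mixed() {
    printf '%s\n' \
        'libssl.so.5 => /usr/local/lib/libssl.so.5 (0x881bc000)' \
        'libcrypto.so.5 => /lib/libcrypto.so.5 (0x28200000)'
}

# Usage: sh check_ssl.sh /path/to/application
if [ "$#" -gt 0 ]; then ldd "$1" | check_ssl_linkage; fi
```
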