1. T

    Custom MariaDB ODBC port

    Hello all, I've need of MariaDB ODBC in addition to the client/server installed. I've looked at the ODBC dependent databases/mariadb-connector-c and it seems to be subset of databases/mariadb10[3,4]-client. Thus, I tried creating a custom port where the ODBC depends/links to the client...
  2. D

    Solved BACULA - bacula9-server and client not compiling after move from openssl111 to openssl

    Hello everyone, Following the rename of security/openssl111 to security/openssl, I've rebuilt all of my packages depending on OpenSSL, but I got an error from sysutils/bacula9-client : --- bacula-fd --- /usr/bin/ld: warning:, needed by /usr/local/lib/, not found (try...
  3. T

    Solved Openldap TLS: could not use certificate

    I am trying to setup openldap to use TLS with openssl. After following the instructions at and fixing the permissions issues, I ran into this: TLS: could not use certificate `/usr/local/etc/openldap/certs/cert.csr'. TLS: error:0909006C: PEM...
  4. jontheil

    Apache 2.4 errors on 12.0-RELEASE

    I have an installation of www/apache24 that have been running flawlessly for years. I made some changes (installed www/nextcloud, configured a nullfs etc.). After that, I haven't been able to start the web server with my usual configuration. When both mod_perl and mod_ssl are disabled, the...
  5. dougs

    zabbix34-server fails to install after 12.0-RELEASE upgrade

    After performing the following: # freebsd-update -r 12.0-RELEASE upgrade # freebsd-update install # reboot # freebsd-update install # portmaster -af I ran into an issue with reinstalling zabbix34-server due to the openssl situation. <...snip...> checking for DTLSv1_method in -lssl... yes...
  6. noodlefling

    Solved wrong openssl library version required after botched system upgrade

    I recently updated from 10.4-RELEASE to 11.2-RELEASE. The upgrade was not clean, as the system ran out of space a couple of times and things got seriously out of whack. There was a rollback that put the system in a weird state. Eventually, I thought I'd gotten it all sorted out. Once it looked...
  7. Charlie Root

    Solved SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

    Hi, I have renew certificate for my site. They crt and key file applied to nginx is running on Centos 7 host. It is working well. However, this pair of key-cert file has issue when applied to nginx in a freeBSD 11.1-RELEASE server # nginx -t nginx: [emerg]...
  8. Duffyx

    OpenSSL engine and cryptodev

    When issuing openssl engine I get the following output: root@vados:~ # openssl engine (rdrand) Intel RDRAND engine (dynamic) Dynamic engine loading support When loading cryptodev with kldload cryptodev and issuing above command again: root@vados:~ # kldload cryptodev root@vados:~ # openssl...
  9. FKEinternet

    Solved Sendmail process crash as soon as STARTTLS is received after FreeBSD upgrade

    I just upgraded my server from FreeBSD 10.3 to 11.1. It's now running Sendmail 8.15.2 and OpenSSL 1.0.2k-freebsd 26 Jan 2017. Since the upgrade, sending mail to my server is failing: Every time a remote MTA sends a STARTTLS command, the current sendmail instance crashes. I temporarily stopped...
  10. arader

    OpenSSL almost 10x faster than LibreSSL?

    Hi all, I’m investigating some slow VPN speeds on my router, and I’m trying to make sense of what I’m seeing. Non-VPN’d traffic can hit >1gb/s through the router, so I know it’s not a throughput problem. This got me investigating crypto performance, and on all my machines, I’ve found that...
  11. E

    Compile GELI with OpenSSL from ports

    FreeBSD 11.1 i386 I have compiled and installed openssl from ports, so there are: a) /usr/bin/openssl (OpenSSL 1.0.2k-freebsd 26 Jan 2017) with /lib/, /usr/lib/ and b) /usr/local/bin/openssl (OpenSSL 1.0.2n 7 Dec 2017) with /usr/local/lib/
  12. O

    OpenSIPS: How to force to compile with OpenSSL from base instead of LibreSSL?

    Hello, I'm building all my packages with poudriere and they are linked with LibreSSL (using "DEFAULT_VERSIONS+=ssl=libressl-devel" in my make.conf) I'd like to use net/opensips but it doesn't works with LibreSSL, I'm getting this error messages: ERROR:tls_mgm:mod_init: unable to set the memory...
  13. henninb

    Solved Apache/SSL setup not working with Firefox

    I am working on setting up SSL on apache24 web server on my local network with a self signed certificate. I am able to confirm it is working with curl and openssl (see the details below), however I am not able to get it working with firefox. I imported my self signed cert to firefox, however...
  14. daBee

    LAN Development 'Domain' SSL Setup

    I'm wanting to generate a self-signed certificate for LAN-only development and testing. The virtual host will be alpha.local, and it is only for nginx serving. The handbook requires a machine name for a virtual host, i.e.: Common Name (e.g. server FQDN or YOUR name)...
  15. Donald Baud

    HowTo: SSL/TLS certificates with

    Note: this post is amended because the updated port security/ is now using its own convention home directory /var/db/acme with dedicated user/group acme:acme The idea is to limit the use of elevated privileges as much as possible. ================ - What is this about? security/
  16. Petr Fischer

    Solved Building nginx in a jail with ssl=base (without openssl port dependency)

    Hello, I am trying to build nginx from ports, but I don't want dependency to openssl from ports. I want "base" FreeBSD openssl. Default nginx package has no dependency to external openssl package. I am building in a jail. I have this in make.conf: WRKDIRPREFIX= /var/ports DISTDIR=...

    Solved FreeBSD 11.2 - OpenSSL without AESNI?

    user@gt:~ % openssl version OpenSSL 1.0.2k-freebsd 26 Jan 2017 user@gt:~ % openssl speed -evp aes-256-gcm -engine aesni invalid engine "aesni" 34380834184:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared...
  18. bibi

    percona56-server with TLSv1.2

    Hello, I have tried installing percona56-server from the ports with the OpenSSL option checked ( as it is by default ) and I have completed the SSL setup and get everything to work properly except that I am stuck with TLSv1. mysql> \s; -------------- mysql Ver 14.14 Distrib 5.6.33-79.0...
  19. joel.bodenmann

    Python OpenSSL versioning issue

    Hello folks, I'm trying to run security/py-certbot on a FreeBSD 10.3 stable jail. When I try to launch it I get the following messages: root@nope:~ # certbot Traceback (most recent call last): File "/usr/local/bin/certbot", line 11, in <module> load_entry_point('certbot==0.9.3'...
  20. timypcr

    openssl-1.0.2_15,1 is vulnerable

    I have two FreeBSD 10.3 servers an audit shows the following pkg audit openssl-1.0.2_15,1 is vulnerable: OpenSSL -- multiple vulnerabilities CVE: CVE-2016-6308 CVE: CVE-2016-6307 CVE: CVE-2016-6306 CVE: CVE-2016-2181 CVE: CVE-2016-2179 CVE: CVE-2016-2178 CVE: CVE-2016-2177 CVE: CVE-2016-2180...