1. grahamperrin

    Using poudriere to build net/citrix_ica

    /usr/local/etc/poudriere.d/make.conf comprises one line: ICA_CERTS=quovadis_quovadiseuropeevsslcag1_der.crt Attempts to build net/citrix_ica fail. Using SSL Preferences (KDE Plasma, pictured below) to trust the certificate does not resolve the issue. Please, what should I do? (I'm almost...
  2. O

    Solved OpenSSL version appears differently from inside and outside of jail

    After updating freebsd and jails to 13.0 release patch 4 I tried to verify everthing was up to date. However when checking the openssl version in my jail I noticed something strange. Inside the jail openssl version produced the output: OpenSSL 1.1.1k-freebsd 25 Mar 2021 But invoking version...
  3. J

    Solved Help compiling sendmail with OpenSSL base (1.0.2) vs. ports (1.1.1)

    I have let my installation drift a bit, so it is running an outdated 11.3-RELEASE-p3. I'm currently doing a source upgrade to 11.4, and from there I'm planning to jump to 12.x. But currently I'm stuck on the 11.4 compile, because sendmail fails. The compile error is: main.o: In function...
  4. B

    Simple encrypt and decrypt folder

    Hi, I have test directory with one file inside test.txt and I want to encrypt it and compress Encrypt and compress command below: tar cfz - test | openssl enc -aes-256-cbc -a -k test -salt > test.tar.gz It's creating file but i can't decrypt it. How unpack it in one command ?
  5. T

    Custom MariaDB ODBC port

    Hello all, I've need of MariaDB ODBC in addition to the client/server installed. I've looked at the ODBC dependent databases/mariadb-connector-c and it seems to be subset of databases/mariadb10[3,4]-client. Thus, I tried creating a custom port where the ODBC depends/links to the client...
  6. D

    Solved BACULA - bacula9-server and client not compiling after move from openssl111 to openssl

    Hello everyone, Following the rename of security/openssl111 to security/openssl, I've rebuilt all of my packages depending on OpenSSL, but I got an error from sysutils/bacula9-client : --- bacula-fd --- /usr/bin/ld: warning:, needed by /usr/local/lib/, not found (try...
  7. T

    Solved Openldap TLS: could not use certificate

    I am trying to setup openldap to use TLS with openssl. After following the instructions at and fixing the permissions issues, I ran into this: TLS: could not use certificate `/usr/local/etc/openldap/certs/cert.csr'. TLS: error:0909006C: PEM...
  8. jontheil

    Apache 2.4 errors on 12.0-RELEASE

    I have an installation of www/apache24 that have been running flawlessly for years. I made some changes (installed www/nextcloud, configured a nullfs etc.). After that, I haven't been able to start the web server with my usual configuration. When both mod_perl and mod_ssl are disabled, the...
  9. dougs

    zabbix34-server fails to install after 12.0-RELEASE upgrade

    After performing the following: # freebsd-update -r 12.0-RELEASE upgrade # freebsd-update install # reboot # freebsd-update install # portmaster -af I ran into an issue with reinstalling zabbix34-server due to the openssl situation. <...snip...> checking for DTLSv1_method in -lssl... yes...
  10. noodlefling

    Solved wrong openssl library version required after botched system upgrade

    I recently updated from 10.4-RELEASE to 11.2-RELEASE. The upgrade was not clean, as the system ran out of space a couple of times and things got seriously out of whack. There was a rollback that put the system in a weird state. Eventually, I thought I'd gotten it all sorted out. Once it looked...
  11. Charlie Root

    Solved SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

    Hi, I have renew certificate for my site. They crt and key file applied to nginx is running on Centos 7 host. It is working well. However, this pair of key-cert file has issue when applied to nginx in a freeBSD 11.1-RELEASE server # nginx -t nginx: [emerg]...
  12. Duffyx

    OpenSSL engine and cryptodev

    When issuing openssl engine I get the following output: root@vados:~ # openssl engine (rdrand) Intel RDRAND engine (dynamic) Dynamic engine loading support When loading cryptodev with kldload cryptodev and issuing above command again: root@vados:~ # kldload cryptodev root@vados:~ # openssl...
  13. FKEinternet

    Solved Sendmail process crash as soon as STARTTLS is received after FreeBSD upgrade

    I just upgraded my server from FreeBSD 10.3 to 11.1. It's now running Sendmail 8.15.2 and OpenSSL 1.0.2k-freebsd 26 Jan 2017. Since the upgrade, sending mail to my server is failing: Every time a remote MTA sends a STARTTLS command, the current sendmail instance crashes. I temporarily stopped...
  14. arader

    OpenSSL almost 10x faster than LibreSSL?

    Hi all, I’m investigating some slow VPN speeds on my router, and I’m trying to make sense of what I’m seeing. Non-VPN’d traffic can hit >1gb/s through the router, so I know it’s not a throughput problem. This got me investigating crypto performance, and on all my machines, I’ve found that...
  15. E

    Compile GELI with OpenSSL from ports

    FreeBSD 11.1 i386 I have compiled and installed openssl from ports, so there are: a) /usr/bin/openssl (OpenSSL 1.0.2k-freebsd 26 Jan 2017) with /lib/, /usr/lib/ and b) /usr/local/bin/openssl (OpenSSL 1.0.2n 7 Dec 2017) with /usr/local/lib/
  16. O

    OpenSIPS: How to force to compile with OpenSSL from base instead of LibreSSL?

    Hello, I'm building all my packages with poudriere and they are linked with LibreSSL (using "DEFAULT_VERSIONS+=ssl=libressl-devel" in my make.conf) I'd like to use net/opensips but it doesn't works with LibreSSL, I'm getting this error messages: ERROR:tls_mgm:mod_init: unable to set the memory...
  17. henninb

    Solved Apache/SSL setup not working with Firefox

    I am working on setting up SSL on apache24 web server on my local network with a self signed certificate. I am able to confirm it is working with curl and openssl (see the details below), however I am not able to get it working with firefox. I imported my self signed cert to firefox, however...
  18. daBee

    LAN Development 'Domain' SSL Setup

    I'm wanting to generate a self-signed certificate for LAN-only development and testing. The virtual host will be alpha.local, and it is only for nginx serving. The handbook requires a machine name for a virtual host, i.e.: Common Name (e.g. server FQDN or YOUR name)...
  19. Donald Baud

    HowTo: SSL/TLS certificates with

    Note: this post is amended because the updated port security/ is now using its own convention home directory /var/db/acme with dedicated user/group acme:acme The idea is to limit the use of elevated privileges as much as possible. ================ - What is this about? security/
  20. Petr Fischer

    Solved Building nginx in a jail with ssl=base (without openssl port dependency)

    Hello, I am trying to build nginx from ports, but I don't want dependency to openssl from ports. I want "base" FreeBSD openssl. Default nginx package has no dependency to external openssl package. I am building in a jail. I have this in make.conf: WRKDIRPREFIX= /var/ports DISTDIR=...