how to follow libressl stable in openBSD 5.6?

how to follow libressl stable in openBSD 5.6?

Harald Dunkel-3
Hi folks,

Following OpenBSD 5.6 stable, what is the recommended
procedure to upgrade libressl to the most recent stable
version?


Regards
Harri

Re: how to follow libressl stable in openBSD 5.6?

Maurice McCarthy
On 2015-01-29 09:46, Harald Dunkel wrote:
> Hi folks,
>
> Following OpenBSD 5.6 stable, what is the recommended
> procedure to upgrade libressl to the most recent stable
> version?
>
>
> Regards
> Harri

As the operating system and applications are tightly integrated that
may be a bad idea. More likely it is better to upgrade to current. I'd
think you would be on your own if you compile from source for stable -
and code is changing quickly.

Best Wishes

Re: how to follow libressl stable in openBSD 5.6?

Harald Dunkel-3
On 01/29/15 11:43, Maurice McCarthy wrote:
>
> As the operating system and applications are tightly integrated that may be a bad idea. More likely it is better to upgrade to current. I'd think you would be on your own if you compile from source for stable - and code is changing quickly.
>

According to the FAQs there will be no migration path from
current to openBSD 5.7 stable, so this is not an option. I
would like to go with the stable versions.

I see a library /usr/lib/libssl.so.27.0 on my hosts. It
should be possible to install yet another libssl (e.g.
/usr/lib/libssl.so.42.0) and to rebuild smtpd for this
library without breaking old builds.

Background of this story is: smtpd gives me a lot of errors

Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error

According to the smtpd mailing list it's a bug/feature of
libressl. There is a workaround for smtpd, but having a
fixed ssl library is surely the better option.


Regards
Harri
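
Added example, not part of the original posts: the error string quoted above is a packed code in the OpenSSL 1.0-era layout that LibreSSL keeps (8-bit library, 12-bit function, 12-bit reason), and SSL reason codes of 1000 or more carry the TLS alert number sent by the remote peer, here alert 50 (decode_error). The sketch below decodes such codes from log lines to separate peer alerts from local failures; the function names, the log prefix and the second and third error strings are constructed for illustration.

```python
import re
from collections import Counter

ERR_LIB_SSL = 20             # 0x14: the library printed as "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 mean "alert received from peer"

# TLS alert descriptions (RFC 5246, section 7.2), subset
TLS_ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 47: "illegal_parameter",
              50: "decode_error", 51: "decrypt_error",
              70: "protocol_version", 80: "internal_error"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode(code):
    """Split a packed error code: 8 bits library, 12 bits function, 12 bits reason."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert)}

def triage(lines):
    """Count TLS failures per cause: peer alert name, or 'local' for own errors."""
    counts = Counter()
    for line in lines:
        m = ERR_RE.search(line)
        if not m:
            continue
        d = decode(int(m.group(1), 16))
        if d["alert"] is None:
            counts["local:reason=%d" % d["reason"]] += 1
        else:
            counts["peer_alert:%s" % (d["alert_name"] or d["alert"])] += 1
    return counts

# Constructed sample lines; only the first error string comes from the thread.
SAMPLE_LOG = [
    "smtpd: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error",
    "smtpd: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error",
    "smtpd: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure",
    "smtpd: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol",
    "smtpd: connection closed",
]

if __name__ == "__main__":
    for cause, n in triage(SAMPLE_LOG).most_common():
        print(n, cause)
```

A peer alert means the remote side rejected something this host sent, so the remote server is a useful grouping key when triaging these lines.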

Re: how to follow libressl stable in openBSD 5.6?

Maurice McCarthy
On 2015-01-29 12:07, Harald Dunkel wrote:

> On 01/29/15 11:43, Maurice McCarthy wrote:
>>
>> As the operating system and applications are tightly integrated that
>> may be a bad idea. More likely it is better to upgrade to current. I'd
>> think you would be on your own if you compile from source for stable -
>> and code is changing quickly.
>>
>
> According to the FAQs there will be no migration path from
> current to openBSD 5.7 stable, so this is not an option. I
> would like to go with the stable versions.
>
> I see a library /usr/lib/libssl.so.27.0 on my hosts. It
> should be possible to install yet another libssl (e.g.
> /usr/lib/libssl.so.42.0) and to rebuild smtpd for this
> library without breaking old builds.
>
> Background of this story is: smtpd gives me a lot of errors
>
> Error: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
> decode error
>
> According to the smtpd mailing list it's a bug/feature of
> libressl. There is a workaround for smtpd, but having a
> fixed ssl library is surely the better option.
>
>
> Regards
> Harri

I'm afraid you'd need advice from someone a lot more clever than me,
unless that is you can back up and install the current snapshot of 5.7
e.g. from http://artfiles.org/openbsd/snapshots/amd64/install57.iso or
whatever your architecture is.

Sorry
Moss

Re: how to follow libressl stable in openBSD 5.6?

Maurice McCarthy
In reply to this post by Harald Dunkel-3
Harald,

Thinking about it Libressl is not in 5.6 at all. There is only Openssl.
The easiest way to keep stable up to date is to install the openup
script from mtier.
https://stable.mtier.org/

Regards
Moss

Re: how to follow libressl stable in openBSD 5.6?

Harald Dunkel-3
Hi Maurice,

On 01/29/15 15:01, Maurice McCarthy wrote:
> Harald,
>
> Thinking about it Libressl is not in 5.6 at all. There is only Openssl.
> The easiest way to keep stable up to date is to install the openup script from mtier.
> https://stable.mtier.org/
>

Thanx very much for your recommendation. I will check.

Meanwhile I found a fix for the smtpd/openssl problem:

        https://marc.info/?l=openbsd-tech&m=140610367812345&w=2

The fix applies to both openssl and libressl, AFAICS.


Thanx very much
Harri

Re: how to follow libressl stable in openBSD 5.6?

Ralph Siegler
In reply to this post by Maurice McCarthy
On Thu, 29 Jan 2015 14:01:12 +0000, Maurice McCarthy wrote:

> Harald,
>
> Thinking about it Libressl is not in 5.6 at all. There is only Openssl.
> The easiest way to keep stable up to date is to install the openup
> script from mtier.
> https://stable.mtier.org/
>
> Regards Moss

LibreSSL is indeed in 5.6

ziggy@arty /$ uname -v -s -r
OpenBSD 5.6 GENERIC.MP#1

ziggy@arty /$ openssl version
LibreSSL 2.0

Re: how to follow libressl stable in openBSD 5.6?

Maurice McCarthy
On 2015-01-29 21:34, Ralph Siegler wrote:

>
> LibreSSL is indeed in 5.6
>
> ziggy@arty /$ uname -v -s -r
> OpenBSD 5.6 GENERIC.MP#1
>
> ziggy@arty /$ openssl version
> LibreSSL 2.0

Thanks, I stand corrected.