Forum Overview :: Site Comments
 
There will be no mail server for some time (weeks), and it is out of my hands by Senor Barborito 03/31/2003, 11:55am PST
I have taken the latest OpenSSL 0.9.7a code, handpatched the March 17th and 19th vulnerabilities because there is no release without them available yet, and attempted to get it working on the box for nearly four days now, between four and ten hours of actually concentrating on it every day (not to mention revisiting this problem every other day for the two weeks before that for a couple hours).

It is not going to happen people - I've hit forums, mailing lists, you name it. Stripped out 75% of the standard algorithms, compiled with an UNGODLY number of option combinations and while I have no problems getting successful compilation, 'make test' simply refuses to work in each and every case.

When I ignore this, make install, and attempt to verify the signed site cert «-» caltrops as certificate authority cert validity, it flat out tells me to fuck off.

The verification stage is, curiously, the same part of make test that commits suicide. Please keep in mind I've attempted this somewhere between twenty and thirty times now (rebuilding from scratch AND ignoring make test's bitching).

Without SSL I will NOT run a mail server. I'm sorry, I'm not letting you guys transmit passwords in plaintext - and I'm not going to provide login-capable accounts to everyone who needs mail so that you can use SSH2 + port-forwarding with PUTTY.

The only hope would be to swap back to the GENERIC --stable kernel and try that, but at this point pre-orders for 3.3 have begun and it won't be long before we're on a whole new version which should hopefully fix things. (3.3 is going to be a bit of an uber-release). The reason I say this is because I'm pretty sure one of my custom kernel options was too restrictive and it's responsible for this behavior in what are otherwise stable and popular packages that are very often combined (OBSD ships with OpenSSL).

I expect the next OpenSSL release will be less shitty and will be out soon due to the March 17th & 19th bugs.

Until then, unless anybody has suggestions for me, we're fucked.

--SB
REPLY QUOTE
 
There will be no mail server for some time (weeks), and it is out of my hands by Senor Barborito 03/31/2003, 11:55am PST NEW
 
powered by pointy