Feature #8982
closed
Support building with OpenSSL 1.1
Added by Andy Fiddaman over 4 years ago.
Updated about 4 years ago.
Category:
lib - userland libraries
Description
The following gate components fail to build against OpenSSL 1.1 due to API changes.
- sendmail
- libpkcs11
- libkrb5
- libkmf
- wanboot
(OpenSSL 1.0 is supported until 2019-12-31 but distributions may wish to get ahead; we plan to move mostly to v1.1 in OmniOS as of November 2018.)
We've started this work at https://github.com/omniosorg/illumos-omnios/tree/openssl
- Related to Feature #9156: Remove openssl dependency from pkcs11_tpm added
Notes from testing krb5 pkinit preauth.
bloody# klist
klist: No credentials cache file found (ticket cache FILE:/tmp/krb5cc_0)
bloody# kinit bloody.omniosce.org
Apr 13 20:04:54 bloody krb5kdc[7503](info): AS_REQ (7 etypes {18 17 16 23 24 3 1}) 172.27.10.9: NEEDED_PREAUTH: bloody.omniosce.org@OMNIOSCE.ORG for krbtgt/OMNIOSCE.ORG@OMNIOSCE.ORG, Additional pre-authentication required
Apr 13 20:04:54 bloody krb5kdc[7503](info): AS_REQ (7 etypes {18 17 16 23 24 3 1}) 172.27.10.9: ISSUE: authtime 1523649894, etypes {rep=18 tkt=18 ses=18}, bloody.omniosce.org@OMNIOSCE.ORG for krbtgt/OMNIOSCE.ORG@OMNIOSCE.ORG
bloody# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: bloody.omniosce.org@OMNIOSCE.ORG
Valid starting     Expires            Service principal
04/13/18 20:04:54  04/14/18 04:04:54  krbtgt/OMNIOSCE.ORG@OMNIOSCE.ORG
        renew until 04/20/18 20:04:54
Testing notes for kmf openssl backend:
DSA & RSA import
bloody% pktool import keystore=file infile=rsa.p12 outkey=l.pem outcert=ll.pem
Enter password to use for accessing the PKCS12 file:
Found 1 certificate(s) and 1 key(s) in rsa.p12
bloody% pktool import keystore=file infile=dsa.p12 outkey=l.pem outcert=ll.pem
Enter password to use for accessing the PKCS12 file:
Found 1 certificate(s) and 1 key(s) in dsa.p12
Certificate/key creation:
for type in rsa dsa; do
    pktool gencert keystore=file \
        outcert=$certs/$type-cert.pem \
        outkey=$certs/$type-key.pem \
        serial=1 \
        subject="CN=illumos tester" \
        format=pem \
        keytype=$type \
        keylen=2048 \
        lifetime=1-year
done
- Status changed from New to Closed
- % Done changed from 40 to 100
git commit 300fdee27f8b59b381c1a0316bdee52fdfdb9213
commit 300fdee27f8b59b381c1a0316bdee52fdfdb9213
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date: 2018-05-03T02:06:02.000Z
8982 Support building with OpenSSL 1.1
Reviewed by: Dominik Hassler <hadfl@omniosce.org>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Reviewed by: Ken Mays <maybird1776@yahoo.com>
Reviewed by: Jason King <jason.king@joyent.com>
Approved by: Dan McDonald <danmcd@joyent.com>
- Related to Bug #9546: Restore support for building against LibreSSL added