Bug 193083 - security/sslscan incompatible with new "no-ssl2" feature of security/openssl port
Summary: security/sslscan incompatible with new "no-ssl2" feature of security/openssl ...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-27 23:22 UTC by Leif Velcro
Modified: 2015-04-10 19:01 UTC (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Leif Velcro 2014-08-27 23:22:47 UTC 
The sslscan port does not work when the security/openssl port is compiled without support for SSLv2.  This is a new (and very useful) feature of openssl.

Running sslscan yields the following error:
/usr/local/bin/sslscan: Undefined symbol "SSLv2_client_method"

Rebuilding the sslscan port fails when SSLv2 support is turned off.

There might be other affected ports.  Once sslscan didn't work, I rolled back to openssl with SSLv2 support compiled in and have not continued testing.
Comment 1 John Marino freebsd_committer freebsd_triage 2014-09-04 15:24:41 UTC 
Notifying maintainer of sslscan.

The comment about "could affect other ports" will be lost as the maintainer of sslscan can't do anything about that.
Comment 2 Leif Velcro 2014-09-06 22:42:20 UTC 
I emailed the maintainer before making the bug report and got no response.

Should I create a report for openssl saying the change could affect other ports that depend on it?  It would be more high profile, but again I don't think maintainers of those other ports would necessarily notice, and it's not the openssl maintainer's fault, is it?

Spamming every port that uses openssl and might have a problem doesn't really sound useful either.
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2014-09-07 12:57:12 UTC 
Leif, 

I'd suggest opening an issue report specifically for security/openssl, proposing at least an update to the SSLv2 OPTION description, perhaps warning the user that it may break dependent ports.

If it were me, I'd also report the issue to sslscan authors, to get support for the lack of SSLv2 upstream.

Ultimately I believe these kinds of issues will become more prevalent and upstream projects will end up needing to support it in the long term.

You're right in your assessment that creating in-advance issues here for every port that is affected is probably a bit too much at the moment.

In the meantime, let's try our best to nip as much of it in the bud at the root as we can (security/openssl)
Comment 4 Leif Velcro 2014-09-09 11:17:57 UTC 
Thanks for the suggestions.  I did my best to contact the original authors (I hope the addresses I found are still valid) and I added a bugzilla entry for security/openssl here: <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193482>

Hope it helps!
Comment 5 Leif Velcro 2014-09-25 18:03:48 UTC 
I contacted the original author and he is no longer working on sslscan.  He suggested that the version that has the best chance of being maintained is https://github.com/ioerror/sslscan or any of the forked projects.

Hope that's helpful.
Comment 6 Bernard Spil freebsd_committer freebsd_triage 2015-04-10 19:00:56 UTC 
Fixed in bug #198401 changeset 382059