Date: Wed, 07 Jul 2010 00:26:03 +0200 From: "Matthias Andree" <matthias.andree@gmx.de> To: "Andrew Reilly" <areilly@bigpond.net.au>, "Matthew Seaman" <m.seaman@infracaninophile.co.uk> Cc: Kostik Belousov <kostikbel@gmail.com>, freebsd-current@freebsd.org Subject: Re: Regression in GSSAPI/libxh509 linking? [PR bin/147175] Message-ID: <op.vff0lpmo1e62zd@merlin.emma.line.org> In-Reply-To: <4C337D44.7070107@infracaninophile.co.uk> References: <op.vfexgepa1e62zd@merlin.emma.line.org> <20100706085435.GC13238@deviant.kiev.zoral.com.ua> <4C3317C6.3020009@FreeBSD.org> <20100706123325.GF13238@deviant.kiev.zoral.com.ua> <457406E5-0E8C-4DB0-97B3-C8CAA7DD3AD0@bigpond.net.au> <20100706134636.GG13238@deviant.kiev.zoral.com.ua> <9BB48431-AF0F-4DEA-8F9F-35830E147E68@bigpond.net.au> <4C337D44.7070107@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 06.07.2010, 21:00 Uhr, schrieb Matthew Seaman: > On 06/07/2010 15:14:28, Andrew Reilly wrote: >> So: how should I "fix" this, properly, on my -current system? Is it >> as simple as installing heimdal from ports? I can't remove openssl-1.0: >> that has 191 ports listed in its REQUIRED_BY file. > > Rebuild the port of openssl-1.0.0 after modifying the OPTIONS to include > MD2=on ? Not good given that MD2 is broken. Very broken, not just by a factor of 2^5 or something. Where upon rests the earlier assertion (not by Matthew) that Kerberos V needed MD2 checksums? I can't seem to find that in the KRB5 protocol and checksum RFCs. If it's not mandatory we may want to nuke MD2 from Kerberos to remedy a weakness... Chapter and Verse welcome. Thanks. -- Matthias Andree
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.vff0lpmo1e62zd>