Date: Sun, 13 Apr 2014 09:46:46 +0200 From: Matthias Apitz <guru@unixarea.de> To: freebsd-current@freebsd.org Subject: Re: recompiling openssl in base system with -DOPENSSL_NO_HEARTBEATS Message-ID: <20140413074646.GA26600@La-Habana> In-Reply-To: <20140413070340.GA25589@La-Habana> References: <20140413070340.GA25589@La-Habana>
next in thread | previous in thread | raw e-mail | index | archive | help
El día Sunday, April 13, 2014 a las 09:03:40AM +0200, Matthias Apitz escribió: > > Hello, > > I run a bunch of -CURRENT systems and due to the OpenSSL HEARTBEAT issue > I want to recompile the libssl.so in the base system with the option > -DOPENSSL_NO_HEARTBEATS. > > What is the best procedure to do this? I think the easy way is what I did now: $ ./heartbleed/heartbleed localhost:631 VULNERABLE! we have to recompile libssl.so.7 # cd /usr/src/secure/lib/libssl # vim ../libcrypto/Makefile.inc added to the line -DOPENSSL_NO_HEARTBEATS as shown here: # diff ../libcrypto/Makefile.inc* 12c12 < CFLAGS+= -DTERMIOS -DANSI_SOURCE -DOPENSSL_NO_HEARTBEATS --- > CFLAGS+= -DTERMIOS -DANSI_SOURCE # make # make install $ ~/heartbleed/heartbleed localhost:631 NOT VULNERABLE (TLS Heartbeat extension not supported by the server) -- Matthias Apitz | /"\ ASCII Ribbon Campaign: E-mail: guru@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone: +49-170-4527211 | / \ - Respect for open standards | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140413074646.GA26600>