The branch main has been updated by glebius:
URL:
https://cgit.FreeBSD.org/src/commit/?id=9ab31f821ad1c6bad474510447387c50bef2c24c
commit 9ab31f821ad1c6bad474510447387c50bef2c24c
Author: Gleb Smirnoff <gleb...@freebsd.org>
AuthorDate: 2025-08-25 17:12:52 +0000
Commit: Gleb Smirnoff <gleb...@freebsd.org>
CommitDate: 2025-08-25 17:12:52 +0000
heimdal: fix wrt OpenSSL 3.5
- Bump the library version.
- Don't load the legacy provider. It is no longer enabled by default
and looks like kdc doesn't actually need it.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D52114
---
kerberos5/lib/libroken/fbsd_ossl_provider_load.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
index 2328041bc166..b8812f207af8 100644
--- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
@@ -5,10 +5,9 @@
#include <openssl/provider.h>
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
+#define CRYPTO_LIBRARY "/lib/libcrypto.so.35"
static void fbsd_ossl_provider_unload(void);
static void print_dlerror(char *);
-static OSSL_PROVIDER *legacy;
static OSSL_PROVIDER *deflt;
static int providers_loaded = 0;
static OSSL_PROVIDER * (*ossl_provider_load)(OSSL_LIB_CTX *, const char*) =
NULL;
@@ -25,7 +24,6 @@ fbsd_ossl_provider_unload(void)
}
}
if (providers_loaded == 1) {
- (*ossl_provider_unload)(legacy);
(*ossl_provider_unload)(deflt);
providers_loaded = 0;
}
@@ -61,10 +59,7 @@ fbsd_ossl_provider_load(void)
}
if (providers_loaded == 0) {
- if ((legacy = (*ossl_provider_load)(NULL, "legacy")) == NULL)
- return (EINVAL);
if ((deflt = (*ossl_provider_load)(NULL, "default")) == NULL) {
- (*ossl_provider_unload)(legacy);
return (EINVAL);
}
if (atexit(fbsd_ossl_provider_unload)) {
