Closed fichtner closed 7 months ago
if it's only for our ddclient alternative, it make be an idea to see if export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
would fix it. (https://cryptography.io/en/latest/openssl/#legacy-provider-in-openssl-3-x)
@AdSchellevis the same actually applies to aliases since it's all Python scripts... https://forum.opnsense.org/index.php?topic=37108.0 so I guess that explains the behaviour recently reported about OpenSSL 3/alias combo.
yep, it expects https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html to support older algorithms, probably an openssl build flag
So this https://github.com/opnsense/tools/commit/57711c6b ?! So now this isn't a Python issue, it's a FreeBSD ports defaults issue??? -.-
I'm afraid so, yes
(missed it the first time as well, but reading a bit deeper indeed points into a different direction)
at least from my perspective that is the ideal fix for the time being. trying to confirm now but the nightly download is a bit slow at the moment
Voiced concern over FreeBSD ports handling here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273656 ... maybe py-cryptography is the right place to bring a "fix" in for everyone else but I'd think we cannot go without legacy for a while anyway.
Confirmed fixed via https://forum.opnsense.org/index.php?topic=37108.msg181665#msg181665 (original reporter of ddclient native issue).
Important notices
Our forum is located at https://forum.opnsense.org , please consider joining discussions there in stead of using GitHub for these matters.
Before you ask a new question, we ask you kindly to acknowledge the following:
Collection of random things to take care of:
dns/ddclient (native):