Manual Installation of Fixed OpenSSL?
-
Hello,
I'd like to think that fixing OpenSSL would be as simple as:
- pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/openssl.tbz
(Once the package gets rebuilt from ports…) - Restart various services ...
Has anyone tried this? I'm presently building an 8.3 system in hopes of building the package myself. It SHOULD work, but I don't know how weird pfsense is . . .
Thanks,
-dannyUPDATE: It should work ... https://doc.pfsense.org/index.php/Installing_FreeBSD_Packages
- pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/openssl.tbz
-
Don't. We'll have updates out soon.
-
-
My understanding from quickly glancing over the forums is there are multiple OpenSSL binaries in pfSense and the main OS OpenSSL wasn't vulnerable to begin with, but the one that pfSense bundles (used by webgui, vpn, etc) is. And to make matters more confusing packages themsevles may bundle their own versions of OpenSSL. So I think at best your process won't fix anything and at worse could require a reinstall.