From owner-freebsd-questions@freebsd.org  Sun Feb  9 07:35:39 2020
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4488E22FEAC
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Sun,  9 Feb 2020 07:35:39 +0000 (UTC)
 (envelope-from ihor@antonovs.family)
Received: from mail.antonovs.family (mail.antonovs.family [100.25.240.195])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48Fgn56zWwz3Jhn
 for <freebsd-questions@freebsd.org>; Sun,  9 Feb 2020 07:35:37 +0000 (UTC)
 (envelope-from ihor@antonovs.family)
Received: from localhost (localhost [127.0.0.1])
 by mail.antonovs.family (Postfix) with ESMTP id BE4BB138BAA
 for <freebsd-questions@freebsd.org>; Sun,  9 Feb 2020 07:35:31 +0000 (UTC)
Received: from mail.antonovs.family ([127.0.0.1])
 by localhost (mail.antonovs.family [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id sM0Cvnsc6Hic for <freebsd-questions@freebsd.org>;
 Sun,  9 Feb 2020 07:35:31 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mail.antonovs.family (Postfix) with ESMTP id 7BE11138BB3
 for <freebsd-questions@freebsd.org>; Sun,  9 Feb 2020 07:35:31 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.antonovs.family 7BE11138BB3
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antonovs.family;
 s=D65AA412-CB7F-11E9-A561-802C9D403B77; t=1581233731;
 bh=RuwyQbNBji9aw9GTI3vE7v/Z4MOAel+JsUUQfzs9s20=;
 h=Date:From:To:Message-ID:MIME-Version;
 b=YUvTi50ACvu+koq5uI57uNdV7B1AMYcz6ZdZlUhYry13NhVTiNFZqiuIoIKx15IgU
 HxR1E71qf+OPpyud5+0LI8a5GKVlyaFu8MaeGbUdxQLbPOHuIsn5r5KvC9i5keYzO7
 C+9/s9sYUhXv8wbxAppItYagsfgbcYdfyHGXBEbsLEqbxuVYLhadBMWSdDXJHfGHZe
 O095vwhhFqn4BE2K8Ng3ZM3BFfQ8QEI+lnejZbn0mGMewW8LcAZ8BQG0y2+vLnNlqs
 qdzIFe+EmMfQjBZEJixTAnU3qozUz9KJSCrJi0dtudVfDUqbFLjP4HhCwM2n5rh/ce
 Z1Ny2qSXIi/6g==
X-Virus-Scanned: amavisd-new at antonovs.family
Received: from mail.antonovs.family ([127.0.0.1])
 by localhost (mail.antonovs.family [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id 2BMWkxkvzpmj for <freebsd-questions@freebsd.org>;
 Sun,  9 Feb 2020 07:35:31 +0000 (UTC)
Received: from localhost (c-73-83-210-79.hsd1.wa.comcast.net [73.83.210.79])
 by mail.antonovs.family (Postfix) with ESMTPSA id 27D68138BAA
 for <freebsd-questions@freebsd.org>; Sun,  9 Feb 2020 07:35:31 +0000 (UTC)
Date: Sat, 8 Feb 2020 23:35:28 -0800
From: Ihor Antonov <ihor@antonovs.family>
To: freebsd-questions@freebsd.org
Subject: Difficulties of LibreSSL in base
Message-ID: <20200209073528.247mb7f4ctvn4w7f@sea-ll-10936>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
X-Rspamd-Queue-Id: 48Fgn56zWwz3Jhn
X-Spamd-Bar: -----
Authentication-Results: mx1.freebsd.org; dkim=pass header.d=antonovs.family
 header.s=D65AA412-CB7F-11E9-A561-802C9D403B77 header.b=YUvTi50A; 
 dmarc=pass (policy=none) header.from=antonovs.family;
 spf=pass (mx1.freebsd.org: domain of ihor@antonovs.family designates
 100.25.240.195 as permitted sender) smtp.mailfrom=ihor@antonovs.family
X-Spamd-Result: default: False [-5.75 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 R_DKIM_ALLOW(-0.20)[antonovs.family:s=D65AA412-CB7F-11E9-A561-802C9D403B77];
 RCVD_COUNT_FIVE(0.00)[6]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 IP_SCORE(-3.25)[ip: (-8.95), ipnet: 100.24.0.0/13(-4.22), asn: 14618(-3.04),
 country: US(-0.05)]; DKIM_TRACE(0.00)[antonovs.family:+];
 DMARC_POLICY_ALLOW(-0.50)[antonovs.family,none];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_EQ_ENVFROM(0.00)[];
 MID_RHS_NOT_FQDN(0.50)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:14618, ipnet:100.24.0.0/13, country:US];
 RCVD_TLS_LAST(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[79.210.83.73.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net
 : 127.0.0.10]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Feb 2020 07:35:39 -0000

Hi evereyone!

I was researching the possibility of building base with LibreSSL (and
without OpenSSL) and I found a few outdated references on the wiki 
[1, 2]. HardenedBSD and LibreBSD [3, 4] projects also seem to have 
tried following that path. But according to git HardenedBSD
have hardly updated LibreSSL in 2 years, and the project does not claim
to have LibreBSD in base [5]


So before diving into the weeds I decided to ask community what dragons
live down that road? What are the challenges?  Have anybody succeeded in
builing base with LibreSSL with recent version (12 or 13)? And if yes
what advice can you give me?

Thanks!


[1] https://wiki.freebsd.org/LibreSSL#Base
[2] https://wiki.freebsd.org/LibreSSL/Base
[3] https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/master/crypto
[4] https://github.com/Sp1l/LibreBSD/tree/releng/11.2/crypto
[5] https://hardenedbsd.org/content/easy-feature-comparison


------------
Ihor Antonov