Date: Fri, 18 Feb 2000 19:57:31 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: freebsd-current@FreeBSD.org Subject: Supported ways to do RSA/OpenSSL on 4.0? Message-ID: <Pine.BSF.3.96.1000218194104.39111M-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
Kris, I was pointed to you for questions regarding whether or not certain ports would be working udner 4.0-RELEASE -- specifically, OpenSSH and related applications which depend on SSL/RSA. Do we plan to provide a consistent and documented way for users of FreeBSD to go from the RSA-disabled base library set to the RSA-enabled set, and in a way that provides adequate instruction? I get rather uninformative errors when trying to compile OpenSSH, SSLproxy, and Apache13-modssl, none of which is discovered by the ports mechanism, rather the application makefiles. While I understand that you are not the maintainer for these ports,... :-) It might be nice, for example, to have a stage in sysinstall for crypto-configuration--it would also be accessible post-install, and would provide easy access to install via package the underlying RSA libraries, with appropriate documentation of licensing issues and confirmation of location, etc. Presumably one could back-end this onto a set of ports or packages, so there would be more scalable command line/scriptable interface. This may already be in the works, but if so it wwasn't obvious from the 02-14 snapshot. Whatever the solution, what's currently there seems to be inadequate :-). Retaining an easy-to-use install path for common crypto-applications, such as SSH, Apache-modssl, SSLproxy, and others, is important as application accessibility (the ports collection) is a big selling point for FreeBSD. In the short term--what is the recommended way to install RSA support without rebuilding world? On real-world systems, rebuilding the world as soon as you have installed is not an option that can be taken seriously--you go from a 1 hour install time (or significantly less) to a build, etc cycle that can take a significant amount of time per-box. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1000218194104.39111M-100000>