From owner-freebsd-current Fri Feb 18 16:56:42 2000 Delivered-To: freebsd-current@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id E71C337BB51; Fri, 18 Feb 2000 16:56:38 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id TAA44482; Fri, 18 Feb 2000 19:57:31 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Fri, 18 Feb 2000 19:57:31 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Kris Kennaway Cc: freebsd-current@FreeBSD.org Subject: Supported ways to do RSA/OpenSSL on 4.0? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris, I was pointed to you for questions regarding whether or not certain ports would be working udner 4.0-RELEASE -- specifically, OpenSSH and related applications which depend on SSL/RSA. Do we plan to provide a consistent and documented way for users of FreeBSD to go from the RSA-disabled base library set to the RSA-enabled set, and in a way that provides adequate instruction? I get rather uninformative errors when trying to compile OpenSSH, SSLproxy, and Apache13-modssl, none of which is discovered by the ports mechanism, rather the application makefiles. While I understand that you are not the maintainer for these ports,... :-) It might be nice, for example, to have a stage in sysinstall for crypto-configuration--it would also be accessible post-install, and would provide easy access to install via package the underlying RSA libraries, with appropriate documentation of licensing issues and confirmation of location, etc. Presumably one could back-end this onto a set of ports or packages, so there would be more scalable command line/scriptable interface. This may already be in the works, but if so it wwasn't obvious from the 02-14 snapshot. Whatever the solution, what's currently there seems to be inadequate :-). Retaining an easy-to-use install path for common crypto-applications, such as SSH, Apache-modssl, SSLproxy, and others, is important as application accessibility (the ports collection) is a big selling point for FreeBSD. In the short term--what is the recommended way to install RSA support without rebuilding world? On real-world systems, rebuilding the world as soon as you have installed is not an option that can be taken seriously--you go from a 1 hour install time (or significantly less) to a build, etc cycle that can take a significant amount of time per-box. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message