Date: Fri, 18 Feb 2000 20:23:18 -0800 (PST)
From: Kris Kennaway <kris@FreeBSD.org>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: freebsd-current@FreeBSD.org
Subject: Re: Supported ways to do RSA/OpenSSL on 4.0?
Message-ID: <Pine.BSF.4.21.0002182010580.58012-100000@freefall.freebsd.org>
In-Reply-To: <Pine.BSF.3.96.1000218194104.39111M-100000@fledge.watson.org>

On Fri, 18 Feb 2000, Robert Watson wrote:

> I was pointed to you for questions regarding whether or not certain ports
> would be working under 4.0-RELEASE -- specifically, OpenSSH and related
> applications which depend on SSL/RSA.

All of the ports which explicitly depend on openssl should be working on
all supported versions of FreeBSD, modulo screwups :) Jim Bloom has been
putting a lot of work into getting these working - I have a couple of
patches to commit, but they mostly seem to work fine as far as I've heard.

However, Jordan mailed me this morning about a build problem with openssh
on a fresh installation which looks very strange - it's like the test for
a RSA-enabled openssl is falsely passing, which causes the build to
die. This may be the problem you're seeing - as yet I don't have any real
clues about why.

Could you send me a build log from one of the failing ports as well as the
output of 'nm /usr/lib/libcrypto.a | grep RSA_free'? Is this a fresh
installation, i.e. with no older cruft possibly lying around?

> Do we plan to provide a consistent and documented way for users of
> FreeBSD to go from the RSA-disabled base library set to the
> RSA-enabled set, and in a way that provides adequate instruction? I
> get rather uninformative errors when trying to compile

See chapter 6.5 in the handbook.

> OpenSSH, SSLproxy, and Apache13-modssl, none of which is discovered by the
> ports mechanism, rather the application makefiles. While I understand
> that you are not the maintainer for these ports,...

:-)

>
> It might be nice, for example, to have a stage in sysinstall for
> crypto-configuration--it would also be accessible post-install, and would
> provide easy access to install via package the underlying RSA libraries,
> with appropriate documentation of licensing issues and confirmation of
> location, etc. Presumably one could back-end this onto a set of ports or
> packages, so there would be more scalable command line/scriptable
> interface.

The packages already exist and are described in the handbook, except they
haven't yet made it onto the ftp site. You can pick them up from
http://www.freebsd.org/~kris/openssl in the meantime.

Sysinstall support is something I'd definitely like to see, but not
something I have time (or knowledge) to do right now. I'll be adding some
instructions to the release notes this weekend, and it should be giving a
helpful error message if you try and install a port which requires RSA and
you have a non-RSA library:

.if ${USE_OPENSSL} == RSA
# '!=' runs the command when the makefile is parsed and stores its output.
# With a plain '=' the quoted backtick string is stored literally, so
# empty(_HASRSA) can never be true. '|| true' keeps a no-match grep quiet.
_HASRSA!=	/usr/bin/nm /usr/lib/libcrypto.a | /usr/bin/grep RSA_free || true
.if empty(_HASRSA)
.BEGIN:
	@${ECHO} "This port requires RSA crypto, which is not present in your"
	@${ECHO} "version of OpenSSL. Please see Chapter 6.5 in the handbook"
	@${ECHO} "for a description of the problem and alternative solutions."
	@${FALSE}
.endif
.endif

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
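
The check discussed in this message greps `nm` output for RSA_free. As an added example (not part of the original message or of bsd.port.mk), here is a stricter form that matches the exact symbol name and counts it only when the archive defines it, since `nm` also lists undefined references (type U). The function names and both sample `nm` listings are constructed for illustration.

```shell
#!/bin/sh
# has_defined_symbol SYMBOL
# Reads `nm` output on stdin; exit 0 only if SYMBOL is listed with a
# defined, global type (uppercase letter other than U), matched exactly.
has_defined_symbol() {
    awk -v sym="$1" '
        NF >= 2 && $NF == sym && $(NF-1) ~ /^[A-Z]$/ && $(NF-1) != "U" { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# lib_has_symbol ARCHIVE SYMBOL
# Exit 0: defined, 1: not defined, 2: archive missing or unreadable.
lib_has_symbol() {
    [ -r "$1" ] || return 2
    nm "$1" 2>/dev/null | has_defined_symbol "$2"
}

# Constructed nm listing: an archive member that defines RSA_free.
SAMPLE_WITH_RSA='
rsa_lib.o:
00000000 T RSA_new
00000120 T RSA_free
         U CRYPTO_free'

# Constructed nm listing: RSA_free appears only as an undefined reference
# and as a substring of another name, so a plain grep still matches.
SAMPLE_NO_RSA='
x_pubkey.o:
         U RSA_free
00000040 T X509_PUBKEY_free
00000200 T my_RSA_free_wrapper'

for name in SAMPLE_WITH_RSA SAMPLE_NO_RSA; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | grep RSA_free >/dev/null; then g=match; else g=none; fi
    if printf '%s\n' "$listing" | has_defined_symbol RSA_free; then d=defined; else d=absent; fi
    echo "$name: grep=$g strict=$d"
done
```

On a real system the same test is `lib_has_symbol /usr/lib/libcrypto.a RSA_free`, and the three exit codes let a build script tell "no RSA" apart from "no library".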