Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Jan 2003 19:04:39 +0100
From:      dirk.meyer@dinoex.sub.org (Dirk Meyer)
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: ports/www/apache13-ssl Makefile
Message-ID:  <zP4PlHbq/M@dmeyer.dinoex.sub.org>
References:  <200301201806.h0KI6cQK075036@repoman.freebsd.org> <200301201806.h0KI6cQK075036@repoman.freebsd.org> <200301211107.17466.mi%2Bmx@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Mikhail Teterin schrieb:,

> =   Modified files:
> =     www/apache13-ssl     Makefile 
> =   Log:
> =   - update SSL support.
> =   defaults to openssl port (now 0.9.6.h)
> =   New options:
> =   use the lastest version (now 0.9.7)
> =           USE_OPENSSL_BETA=yes
> =   use the base version with
> =           USE_OPENSSL_BASE=yes
> 
> Just wondering -- why is USE_OPENSSL_BASE not the default? Is not
> that, what USE_OPENSSL has always implied?

Yes it has been ...

1) but USE_SSL is broken for most FreeBSD versions.
   Decision by version needs serious updating for long.
   portmgr refuses any comment on this for 7 month.
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/39054

2) USE_OPENSSL_BASE implies 0.9.6g on stable, older on RELEASES
Users keep steady complaining about not having the recommened version.
(There is no known exploit in the base yet.)

3) reduced the need of OPENSSL_OVERWRITE_BASE=yes

extract from: http://www.openssl.org/news/announce.html
(dated 6th December 2002)
------------                                                           

* Better handling of SSL session caching.
* Better comparison of distinguished names.                        
* Fixes for length problems.                          
* Fixes for uninitialised variables.
* Fixes for memory leaks, some unusual crashes and some race conditions.

We consider OpenSSL 0.9.6h to be the best version of OpenSSL available
and we strongly recommend that users of older versions upgrade as soon
as possible.

------------           
from changelog:       
*) Fix initialization code race conditions

-----------                   

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?zP4PlHbq/M>