Date: Thu, 01 Aug 2002 18:45:01 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Mikhail Teterin <mi+kde@aldan.algebra.com> Cc: arch@FreeBSD.ORG Subject: Re: OpenSSL vs. -lmd Message-ID: <3D49E41D.57DBF81C@mindspring.com> References: <200207311641.g6VGfRWj099655@freefall.freebsd.org> <200208011830.20096.mi%2Bmx@aldan.algebra.com> <3D49BBEF.F1156C79@mindspring.com> <200208012006.25130@aldan>
next in thread | previous in thread | raw e-mail | index | archive | help
Mikhail Teterin wrote: > Ours does... You _can_ easily install OpenSSL of your choice (you should > use the port, but you don't have to). And yes, you need to make sure your > -I and -L settings point to the right locations, but that is always the case. > > In addition, the openssl port has a setting, with which you overwrite the base > openssl -- letting you easily install the latest and greatest OpenSSL on a not > so latest OS. If there's a port for it. ports/security/openssl/Makefile: PORTVERSION= 0.9.6e ...not very happening, if I need an app_verify_callback() that actually passes the user's void * parameter like it's supposed to, AES CFB or OFB or CTR, RFC2256 compliance for object definitions, IBM 4758 crypto card support, or want Theo de Raadt's security patch for ui_openssl.c, or want X.509 mandatory extension handling or CRL checking, or use PKCS#7 with S/MIME, etc.. That (and a lot more) all requires that I use 0.9.7. > I wonder, why you are not complaining about us having -lc in the base system > :-) After all, with Linux systems you usually have a choice -- glibc/libc/etc. I'll complain about the resolver being in libc, if that'll make you happy... it'll make everyone who has to do name lookups serially so they compalin about IPv6 in Mozilla happy... 8-). > The digests are in -lcrypto. It is the -lssl, that changes (or should > change) more often. > > In any case, I have the same -lcrypto and -lssl versions on my > -current and -stable systems. The libs are quite stable, even if less > so, than the -lmd. > > In any case, same problem (if it is a problem) exists with -lc, -lm > (oh, yes!) and other libraries. Why pick on OpenSSL? Because it was the example in the subject line of a message that wanted to get rid of libmd, making my software dependent on the libcrypt version number when it wasn't before. If I picked a different example, it would just be someone else unhappy, plus people could complain that it was off topic for the subject line. 8-). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D49E41D.57DBF81C>