Date: Thu, 1 Aug 2002 15:36:02 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Mikhail Teterin <mi+mx@aldan.algebra.com>, Alexandr Kovalenko <never@nevermind.kiev.ua>, arch@FreeBSD.ORG
Subject: Re: OpenSSL vs. -lmd
Message-ID: <20020801203601.GA27367@madman.nectar.cc>
In-Reply-To: <3D4998F9.A736EA85@mindspring.com>
References: <200207311641.g6VGfRWj099655@freefall.freebsd.org>
 <20020801143059.GA536@nevermind.kiev.ua>
 <200208011151.55478.mi%2Bmx@aldan.algebra.com>
 <3D498FB4.6987B696@mindspring.com>
 <20020801195640.GQ26797@madman.nectar.cc>
 <3D4998F9.A736EA85@mindspring.com>
On Thu, Aug 01, 2002 at 01:24:25PM -0700, Terry Lambert wrote:
> "Jacques A. Vidrine" wrote:
> > > and is so mixed up
> > > in various code that it's hard to keep up with changes for
> > > security updates.
> >
> > Updating it required only some very minor build-infrastructure changes
> > outside of src/crypto/openssl.  I'm not sure what you mean here.
>
> It is hard to update to the latest version of the code on a
> FreeBSD 4.6-RELEASE box.

I still don't follow.

   # cd /usr/src
   # patch -s < /path/to/openssl.patch
   <rebuild the world>

Done.

> > > whereas the
> > > other things that come with the package can change rather
> > > frequently, since they speak to policy.
> >
> > I don't understand.
>
> Code which implements policy.

That's what I don't understand.  To what code (that implements policy)
are you referring?

> > > Consider that it is very hard to use an updated OpenSSL (e.g.
> > > 0.9.7-Beta or 0.9.6e) with FreeBSD these days.
> >
> > Hmm, all versions of FreeBSD have OpenSSL 0.9.6e.
>
> Even those released before 0.9.6e was available?

We may be talking past each other ...  4.4-RELEASE, 4.5-RELEASE, and
4.6-RELEASE may all be trivially upgraded to OpenSSL 0.9.6e using
either `patch' or `cvsup'.  All of these were released prior to the
existence of OpenSSL 0.9.6e.

>
> > I haven't looked
> > at 0.9.7 personally, but I can't imagine what would prevent one from
> > using it on FreeBSD.
>
> The same thing that prevents people from using the newer
> BIND resolver libraries: the code is maintained separately
> from the FreeBSD project by an outside third party.

Oh, you mean it is non-trivial to have the FreeBSD base utilities
build against a newer OpenSSL?  Yes, I don't doubt that could be
true, particularly if the API has changed.  But as usual I'm too dense
to get your point.

> No.  I mean that I can't build something that will build on
> FreeBSD *and* build on some other platform, without having
> to inventory all of the implicitly installed packages on FreeBSD
> to know which OpenSSL I'm getting.

That's not true --- there are plenty of applications which use
OpenSSL, and that build fine on FreeBSD and other platforms, without
explicit knowledge of what FreeBSD has or does not have in the base
system.  I can't help but feel that I am completely missing your
meaning, since surely you cannot be unaware of that fact, or of the
existence and function of things like `autoconf' designed to address
that exact issue.

> > I'm not sure how providing duplicate implementations of the digest
> > functions is useful or desirable.  I'm in no hurry to ditch libmd, but
> > I do hope to get around to it someday.
>
> Duplicate functions aren't desirable, but someone imported the
> OpenSSL implementations anyway.  8-).

:-)

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se