md2 on current and 10.
olli hauer
ohauer at gmx.de
Fri Dec 20 18:38:13 UTC 2013
On 2013-12-20 19:04, Mikhail T. wrote:
> On 20.12.2013 12:52, olli hauer wrote:
>> Hm the config script tests for md2 and sha1 ...
>> What happens if md2 support is removed from the code?
> Yes, the md2 can be removed from the set of digests made available by the port
> -- that's not a problem.
>
> What I wanted to know, was why? Maybe, the header files should've been replaced
> with ones containing an #error (like malloc.h was)... Oh well...
>
> -mi
md2 was deprecated in 2009 by the openssl project
http://cvs.openssl.org/chngview?cn=18381
CVE-2009-2409
As fas as I know some Linux based projects have removed md2 from openssl-0.9.x in 2009.
I have no answer why FreeBSD 8/9 has the old openssl-0.9.8y and md2 support was not removed.
--
olli
More information about the freebsd-current
mailing list