[Bug 215197] security/p5-Crypt-SMIME cannot be built with LibreSSL because CMS support is disabled

Sat Dec 10 18:18:56 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215197

--- Comment #7 from John Hein <z7dr6ut7gs at snkmail.com> ---
Peter, sorry for not reading your original post closely enough and piggybacking
the FreeBSD 9 issue here.  Perhaps I should open a new bug for that, but
hopefully someone will pick up that patch and apply it.  If not, I'll move to a
new bug.

The least I can do is dig into your issue more closely.  It looks like libressl
has had CMS disabled upstream since "day one".  I haven't really been following
libressl much, but it seems they just have not implemented CMS.  And in
September they removed it from libressl-portable (commit
df207699777fe7a671df25998808dac473903678).

So it seems like libressl is avoiding CMS at the least.  In any case, I don't
see an easy fix.

The crypt-smime change in 0.91 says:

+0.19    Fri Dec  2 13:22:27 JST 2016
+        - Use RFC-5652 CMS functions instead of PKCS#7 ones for better
+          interoperability,  Suggested by Hib Engler <h [...]
+          killercool.net>.  CMS has a backwards compatibility with
+          PKCS#7 so the change should introduce no compat issues.

I did see another project where there was a workaround to fall back to pkcs#7 :

https://patchwork.kernel.org/patch/8463141/

In any case, I still don't know what the fix is for your issue (which seems to
perhaps be more of a problem with libressl?).  If CMS is disabled by libressl
for good reasons, perhaps Crypt-SMIME is going in the wrong direction.  But it
could be that libressl is just sweeping it under the rug since they don't want
to deal with CMS right now.  I can't read the tea leaves well enough to
discern.  Maybe a libressl expert could help more.

Again, sorry for my too-hasty initial read of your bug report and the ensuing
confusion.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.