GOST in OPENSSL_BASE

Mathieu Arnold mat at FreeBSD.org
Mon Jul 18 12:12:15 UTC 2016


Hi,

+--On 11 July 2016 22:56:00 +0300 Slawa Olhovchenkov <slw at zxy.spb.ru>
wrote:
| On Mon, Jul 11, 2016 at 03:00:39PM -0400, Jung-uk Kim wrote:
|> > .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
|> > BROKEN= OpenSSL from the base system does not support GOST, add \
|> >         DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
|> >         that needs SSL.
|> > .endif
|> 
|> FreeBSD 9.3 is still supported but GOST is not available there.  It
| 
| Thanks for clarifications.
| 
|> seems the ports maintainer didn't want to break it on 9.3 (CC added).
|> Version check may be needed there.
| 
| Thanks!


The idea is that you can't have mixed openssl usage.  If you link half your
ports with openssl from base, and half with openssl from ports, you are
going to have dragon attacks and core dumps.  Also, if you are using
openssl from ports, you cannot use GSSAPI from base, for the same reasons.

-- 
Mathieu Arnold
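
A check for the mixed linkage described in the message above, as an added example that is not part of the original post or of the FreeBSD ports tree: it reads `ldd` output and reports any object whose resolved libraries include libssl/libcrypto from both the base system and /usr/local. The function name, the sample binaries and the library version numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag objects that resolve OpenSSL libraries from both
# the base system (/lib, /usr/lib) and ports (/usr/local/lib).

# Reads `ldd` output on stdin; prints one line per object that mixes both.
find_mixed_openssl() {
    awk '
        function report() {
            if (obj != "" && base != "" && ports != "")
                printf "%s: base[%s] ports[%s]\n", obj, base, ports
        }
        # A line ending in ":" is the header ldd prints for each object.
        /:$/ {
            report()
            obj = substr($0, 1, length($0) - 1)
            base = ""; ports = ""
            next
        }
        # Dependency lines look like: libfoo.so.N => /path/libfoo.so.N (0x...)
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 ~ /^\/usr\/local\//)
                ports = ports (ports == "" ? "" : " ") $3
            else if ($3 ~ /^\/(usr\/)?lib\//)
                base = base (base == "" ? "" : " ") $3
        }
        END { report() }
    '
}

# Constructed sample input (not captured from a real system). The first
# object pulls in base libcrypto through a base GSSAPI library while also
# linking the ports OpenSSL; the second uses the ports OpenSSL only.
SAMPLE_LDD='/usr/local/bin/example-mixed:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a00000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800c00000)
    libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x801000000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x801200000)
    libc.so.7 => /lib/libc.so.7 (0x801600000)
/usr/local/bin/example-clean:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a00000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800c00000)
    libc.so.7 => /lib/libc.so.7 (0x801600000)'

printf '%s\n' "$SAMPLE_LDD" | find_mixed_openssl

# On a live system the same function can be fed real output, e.g.:
#   ldd /usr/local/bin/* /usr/local/sbin/* 2>/dev/null | find_mixed_openssl
```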