Date: Fri, 25 Feb 2000 17:53:34 +0800 From: Peter Wemm <peter@netplex.com.au> To: Kris Kennaway <kris@FreeBSD.org> Cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/secure/lib Makefile src/secure/lib/libcrypto Makefile Makefile.inc Message-ID: <20000225095334.D10C21CD7@overcee.netplex.com.au> In-Reply-To: Message from Kris Kennaway <kris@FreeBSD.org> of "Fri, 25 Feb 2000 01:42:50 PST." <Pine.BSF.4.21.0002250130090.57682-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote:
> On Fri, 25 Feb 2000, Peter Wemm wrote:
>
> > Where does libRSAglue actually come from? The case where openssl is config
ured
> > for using RSAREF? Well, things using openssl now don't even have to know.
> > We can totally leave out -lrsaref and -lRSAglue now.
>
> If OpenSSL is built with -DRSAref then it builds libRSAglue which contains
> the wrapper functions for librsaref. I really don't know why it's done
> outside of libcrypto - functionally I couldn't find a reason for it (in my
> initial version I didn't have a librsaglue and everything was fully
> functional), but perhaps it was an old infrastructural wart of some kind.
> (Incidentally, if you build the official OpenSSL distribution with
> -DRSAref then it still compiles in the "native" RSA cryptographic
> primitives, they just don't get called by the main code. You can call them
> directly from your own code if you like, which seems to me to be rather
> bad from a legal standpoint :-) Our version doesn't have this problem..)
>
> Even though it's perfectly functional to have librsaglue inside libcrypto,
> ports assume they must link with librsaglue if they decide they're using
> rsaref - this is perfectly justified because the official OpenSSL works
> that way (and requires it). Unfortunately, there is no consistency in how
> they go about looking for rsaref, and without at least emulating it we'll
> break out-of-the-box compilation for lots of software.
OK, I think I've got a handle on that now.. :-/
> > Anyway, making a fake libRSAglue.a will fix the ports although it'd be
> > better to fix the problem completely I think.
>
> We could make yet another pass over all of the openssl ports in the ports
> collection for the New Order, but it's an uphill job unless our openssl
> works "the same" as the standard one, i.e. has the same library semantics.
I'm reluctant to do this just yet, I'd rather have it all "jsut work" for
now if possible. I've been looking at bsd.port.mk and a couple of the
ports that refer to USE_OPENSSL etc and think it's just about covered (with
band-aid's and sticky-tape).
> Kris
Cheers,
-Peter
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000225095334.D10C21CD7>