From owner-cvs-all Fri Feb 25 1:53:47 2000 Delivered-To: cvs-all@freebsd.org Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7]) by hub.freebsd.org (Postfix) with ESMTP id E7C1737BED1; Fri, 25 Feb 2000 01:53:36 -0800 (PST) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id D10C21CD7; Fri, 25 Feb 2000 17:53:34 +0800 (WST) (envelope-from peter@netplex.com.au) X-Mailer: exmh version 2.1.1 10/15/1999 To: Kris Kennaway Cc: "Jordan K. Hubbard" , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/secure/lib Makefile src/secure/lib/libcrypto Makefile Makefile.inc In-Reply-To: Message from Kris Kennaway of "Fri, 25 Feb 2000 01:42:50 PST." Date: Fri, 25 Feb 2000 17:53:34 +0800 From: Peter Wemm Message-Id: <20000225095334.D10C21CD7@overcee.netplex.com.au> Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk Kris Kennaway wrote: > On Fri, 25 Feb 2000, Peter Wemm wrote: > > > Where does libRSAglue actually come from? The case where openssl is config ured > > for using RSAREF? Well, things using openssl now don't even have to know. > > We can totally leave out -lrsaref and -lRSAglue now. > > If OpenSSL is built with -DRSAref then it builds libRSAglue which contains > the wrapper functions for librsaref. I really don't know why it's done > outside of libcrypto - functionally I couldn't find a reason for it (in my > initial version I didn't have a librsaglue and everything was fully > functional), but perhaps it was an old infrastructural wart of some kind. > (Incidentally, if you build the official OpenSSL distribution with > -DRSAref then it still compiles in the "native" RSA cryptographic > primitives, they just don't get called by the main code. You can call them > directly from your own code if you like, which seems to me to be rather > bad from a legal standpoint :-) Our version doesn't have this problem..) > > Even though it's perfectly functional to have librsaglue inside libcrypto, > ports assume they must link with librsaglue if they decide they're using > rsaref - this is perfectly justified because the official OpenSSL works > that way (and requires it). Unfortunately, there is no consistency in how > they go about looking for rsaref, and without at least emulating it we'll > break out-of-the-box compilation for lots of software. OK, I think I've got a handle on that now.. :-/ > > Anyway, making a fake libRSAglue.a will fix the ports although it'd be > > better to fix the problem completely I think. > > We could make yet another pass over all of the openssl ports in the ports > collection for the New Order, but it's an uphill job unless our openssl > works "the same" as the standard one, i.e. has the same library semantics. I'm reluctant to do this just yet, I'd rather have it all "jsut work" for now if possible. I've been looking at bsd.port.mk and a couple of the ports that refer to USE_OPENSSL etc and think it's just about covered (with band-aid's and sticky-tape). > Kris Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message