From owner-cvs-all Tue Jan 21 10:10:40 2003 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D378637B401; Tue, 21 Jan 2003 10:10:38 -0800 (PST) Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 26D9C43F1E; Tue, 21 Jan 2003 10:10:36 -0800 (PST) (envelope-from dirk.meyer@dinoex.sub.org) Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.de [212.184.201.182]) by net2.dinoex.sub.org (8.12.6/8.12.6) with ESMTP id h0LIA60k007803; Tue, 21 Jan 2003 19:10:07 +0100 (CET) (envelope-from dirk.meyer@dinoex.sub.org) X-Authentication-Warning: net2.dinoex.sub.org: Host dinoex@net2.dinoex.de [212.184.201.182] claimed to be net2.dinoex.sub.org Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.6/8.12.6/Submit) with BSMTP id h0LIA56h007799; Tue, 21 Jan 2003 19:10:05 +0100 (CET) (envelope-from dirk.meyer@dinoex.sub.org) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Message-ID: From: dirk.meyer@dinoex.sub.org (Dirk Meyer) Organization: privat Subject: Re: cvs commit: ports/www/apache13-ssl Makefile Date: Tue, 21 Jan 2003 19:04:39 +0100 X-Mailer: Dinoex 1.79 References: <200301201806.h0KI6cQK075036@repoman.freebsd.org> <200301201806.h0KI6cQK075036@repoman.freebsd.org> <200301211107.17466.mi+mx@aldan.algebra.com> X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94] X-Accept-Language: de,en X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12 X-Noad: Please don't send me ad's by mail. I'm bored by this type of mail. X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved. X-Note: sending SPAM is a violation of both german and US law and will at least trigger a complaint at your provider's postmaster. X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D X-No-Archive: yes X-ZC-VIA: 20030121000000W+1@dinoex.sub.org Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Mikhail Teterin schrieb:, > = Modified files: > = www/apache13-ssl Makefile > = Log: > = - update SSL support. > = defaults to openssl port (now 0.9.6.h) > = New options: > = use the lastest version (now 0.9.7) > = USE_OPENSSL_BETA=yes > = use the base version with > = USE_OPENSSL_BASE=yes > > Just wondering -- why is USE_OPENSSL_BASE not the default? Is not > that, what USE_OPENSSL has always implied? Yes it has been ... 1) but USE_SSL is broken for most FreeBSD versions. Decision by version needs serious updating for long. portmgr refuses any comment on this for 7 month. http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/39054 2) USE_OPENSSL_BASE implies 0.9.6g on stable, older on RELEASES Users keep steady complaining about not having the recommened version. (There is no known exploit in the base yet.) 3) reduced the need of OPENSSL_OVERWRITE_BASE=yes extract from: http://www.openssl.org/news/announce.html (dated 6th December 2002) ------------ * Better handling of SSL session caching. * Better comparison of distinguished names. * Fixes for length problems. * Fixes for uninitialised variables. * Fixes for memory leaks, some unusual crashes and some race conditions. We consider OpenSSL 0.9.6h to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. ------------ from changelog: *) Fix initialization code race conditions ----------- kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message