Date: Tue, 09 Sep 2014 10:54:06 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 193482] New: security/openssl - new "no-ssl2" feature breaks at least one dependent port Message-ID: <bug-193482-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193482 Bug ID: 193482 Summary: security/openssl - new "no-ssl2" feature breaks at least one dependent port Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: velcroleaf@rocketmail.com The new (and very useful) config option to security/openssl allows you to compile it without support for SSLv2. Arguably, this should be the default option. However, this has broken at least one dependent port -- security/sslscan <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193083>. I do not know if it has broken others, since sslscan was the tool I was going to use to test other ports. When it broke, I quickly reverted to the original version of openssl, since so much depends on it and I was worried other things might be quietly broken. This might not be the fault of the change to the openssl port itself. Perhaps all dependent ports should be more resilient. However, it has been suggested that there at least be a warning in the description of the SSLv2 flag. If there is a convenient, non-spammy way to notify all the major openssl-dependent port maintainers, that's probably also a good idea. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-193482-13>