Message-ID: <3D49E41D.57DBF81C@mindspring.com>
Date: Thu, 01 Aug 2002 18:45:01 -0700
From: Terry Lambert
To: Mikhail Teterin
Cc: arch@FreeBSD.ORG
Subject: Re: OpenSSL vs. -lmd

Mikhail Teterin wrote:
> Ours does... You _can_ easily install OpenSSL of your choice (you should
> use the port, but you don't have to). And yes, you need to make sure your
> -I and -L settings point to the right locations, but that is always the case.
>
> In addition, the openssl port has a setting, with which you overwrite the base
> openssl -- letting you easily install the latest and greatest OpenSSL on a not
> so latest OS.

If there's a port for it.

    ports/security/openssl/Makefile:    PORTVERSION=    0.9.6e

...not very happening, if I need an app_verify_callback() that
actually passes the user's void * parameter like it's supposed
to, AES CFB or OFB or CTR, RFC2256 compliance for object
definitions, IBM 4758 crypto card support, or want Theo de Raadt's
security patch for ui_openssl.c, or want X.509 mandatory extension
handling or CRL checking, or use PKCS#7 with S/MIME, etc.

That (and a lot more) all requires that I use 0.9.7.

> I wonder, why you are not complaining about us having -lc in the base system
> :-) After all, with Linux systems you usually have a choice -- glibc/libc/etc.

I'll complain about the resolver being in libc, if that'll make
you happy... it'll make everyone who has to do name lookups
serially so they complain about IPv6 in Mozilla happy... 8-).

> The digests are in -lcrypto. It is the -lssl, that changes (or should
> change) more often.
>
> In any case, I have the same -lcrypto and -lssl versions on my
> -current and -stable systems. The libs are quite stable, even if less
> so, than the -lmd.
>
> In any case, same problem (if it is a problem) exists with -lc, -lm
> (oh, yes!) and other libraries. Why pick on OpenSSL?

Because it was the example in the subject line of a message that
wanted to get rid of libmd, making my software dependent on the
libcrypt version number when it wasn't before.

If I picked a different example, it would just be someone else
unhappy, plus people could complain that it was off topic for
the subject line. 8-).

-- Terry