Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 10 Dec 2016 18:18:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        perl@FreeBSD.org
Subject:   [Bug 215197] security/p5-Crypt-SMIME cannot be built with LibreSSL because CMS support is disabled
Message-ID:  <bug-215197-14331-r8TbS5OByb@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-215197-14331@https.bugs.freebsd.org/bugzilla/>
References:  <bug-215197-14331@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215197

--- Comment #7 from John Hein <z7dr6ut7gs@snkmail.com> ---
Peter, sorry for not reading your original post closely enough and piggybac=
king
the FreeBSD 9 issue here.  Perhaps I should open a new bug for that, but
hopefully someone will pick up that patch and apply it.  If not, I'll move =
to a
new bug.

The least I can do is dig into your issue more closely.  It looks like libr=
essl
has had CMS disabled upstream since "day one".  I haven't really been follo=
wing
libressl much, but it seems they just have not implemented CMS.  And in
September they removed it from libressl-portable (commit
df207699777fe7a671df25998808dac473903678).

So it seems like libressl is avoiding CMS at the least.  In any case, I don=
't
see an easy fix.

The crypt-smime change in 0.91 says:

+0.19    Fri Dec  2 13:22:27 JST 2016
+        - Use RFC-5652 CMS functions instead of PKCS#7 ones for better
+          interoperability,  Suggested by Hib Engler <h [...]
+          killercool.net>.  CMS has a backwards compatibility with
+          PKCS#7 so the change should introduce no compat issues.

I did see another project where there was a workaround to fall back to pkcs=
#7 :

https://patchwork.kernel.org/patch/8463141/


In any case, I still don't know what the fix is for your issue (which seems=
 to
perhaps be more of a problem with libressl?).  If CMS is disabled by libres=
sl
for good reasons, perhaps Crypt-SMIME is going in the wrong direction.  But=
 it
could be that libressl is just sweeping it under the rug since they don't w=
ant
to deal with CMS right now.  I can't read the tea leaves well enough to
discern.  Maybe a libressl expert could help more.

Again, sorry for my too-hasty initial read of your bug report and the ensui=
ng
confusion.

--=20
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215197-14331-r8TbS5OByb>