From owner-freebsd-ports@freebsd.org Wed Nov 30 21:04:52 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 86E99C5D08B for ; Wed, 30 Nov 2016 21:04:52 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6AD191E4A for ; Wed, 30 Nov 2016 21:04:52 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 67022C5D08A; Wed, 30 Nov 2016 21:04:52 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66985C5D089 for ; Wed, 30 Nov 2016 21:04:52 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from prod2.absolight.net (mx3.absolight.net [IPv6:2a01:678:2:100::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 27EE01E49 for ; Wed, 30 Nov 2016 21:04:52 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from prod2.absolight.net (localhost [127.0.0.1]) by prod2.absolight.net (Postfix) with ESMTP id 80E6ABE0AB; Wed, 30 Nov 2016 22:04:50 +0100 (CET) Received: from atuin.in.mat.cc (atuin.in.mat.cc [79.143.241.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by prod2.absolight.net (Postfix) with ESMTPSA id F0E94BE0A5; Wed, 30 Nov 2016 22:04:49 +0100 (CET) Subject: Re: Breaking SSL options: Which to use to build 1000 ports? To: "Julian H. Stacey" , ports@freebsd.org References: <201611301835.uAUIZbxF037904@fire.js.berklix.net> From: Mathieu Arnold Organization: Absolight / The FreeBSD Foundation Message-ID: <74b8d8d4-5a49-fd2c-bb52-61fab82d41c7@FreeBSD.org> Date: Wed, 30 Nov 2016 22:04:48 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.5.0 MIME-Version: 1.0 In-Reply-To: <201611301835.uAUIZbxF037904@fire.js.berklix.net> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="JSmi4xqEV8hmo0bq5h4iUF41IjjFLs5WG" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2016 21:04:52 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --JSmi4xqEV8hmo0bq5h4iUF41IjjFLs5WG Content-Type: multipart/mixed; boundary="fqxIRTLdr8ovg08JiKAuTtkDdFRMO9xor"; protected-headers="v1" From: Mathieu Arnold To: "Julian H. Stacey" , ports@freebsd.org Message-ID: <74b8d8d4-5a49-fd2c-bb52-61fab82d41c7@FreeBSD.org> Subject: Re: Breaking SSL options: Which to use to build 1000 ports? References: <201611301835.uAUIZbxF037904@fire.js.berklix.net> In-Reply-To: <201611301835.uAUIZbxF037904@fire.js.berklix.net> --fqxIRTLdr8ovg08JiKAuTtkDdFRMO9xor Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Le 30/11/2016 =C3=A0 19:35, Julian H. Stacey a =C3=A9crit : > FreeBSD's SSL defaults seem a mess : complex, breaking on loads > of ports, inadequately documented, insufficiently clear error messages.= And any attempt I've made it the past year and a half to make it better was met with "DON'T TOUCH HOW I USE OPENSSL" hate mail. In the close future, the default will be to use OpenSSL from ports, but other things need to happen in the GSSAPI front, and yes, it is a mess. --=20 Mathieu Arnold --fqxIRTLdr8ovg08JiKAuTtkDdFRMO9xor-- --JSmi4xqEV8hmo0bq5h4iUF41IjjFLs5WG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJYPz7wXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IUV0P/13r/i6NGEzD2C/CFgBMm3T+ TqrmwdGg/6HlSNaWA/DtTMq5H1LQjHm+FD2HicYVGPKc+NjU1smUHMF8Wpj8V28N f/810oYP21hXwZjuJfxLfjcokKvRoNDUurXWluEAIEFlrginmHBpgIzaU0LR0yaj Tv22VQEyu8Ot98h9wIKWBOnJ5WljGegkBlwAWNKVgkQEXUlNXJgfJiuFvKF9PKhU aCzrH8jRKEpPsT8OEmnJClgztQQMn0i1ZcZPhb0cJxJIlPbEyHtVTYIY2zZkrhJo r0ACHELGqtuwmThoxB7XJrtcZ50M4/r3wyiDZrkWYoGbyJXnTDo1HL3WFMoYbniM Y5nzeK8Sgyll5pP28mqKKjgaQItZWAX2BYlqhr9Z5T71h1T2NYnfiume+/3MpZmR iEh2hSh/f5QThAPZxczTTNJHt3OM305mfoDj6twoRQ7Juc1LS8pDyM/20PvHwjqe 4kFh9SroWraw1zgPxOY7gf19z8qBBmhFZE13SfyMG/lknBDZVrBDuNMmaF51ZJ2J LBPf8H40VbhZEvGpigRpEpwju6wx2TMIKtVGl/r8dtDiFux2yKAVO4GpGUv17YVP baHIaUcXV+6FdObyy9qEwH+ssPYV6wph6VovzM2GFuyLwmhWlnVfDWIT9OAUPFSl ZWErwcrwrpwYxZUKIipU =qRGI -----END PGP SIGNATURE----- --JSmi4xqEV8hmo0bq5h4iUF41IjjFLs5WG--