From: Roger Marquis
To: Mark Felder
cc: freebsd-security@freebsd.org
Date: Sun, 17 May 2015 14:08:43 -0700 (PDT)
Subject: Re: Forums.FreeBSD.org - SSL Issue?

Mark Felder wrote:
>> Considering the time to write and test patches is the same in either case
>> it is still an open question.
> Again, this is not possible. You can't just "replace" the base OpenSSL.
> That port or package would also have to replace every binary and library
> in the base system linked to an OpenSSL library such as libcrypt with a
> version that was built against the updated OpenSSL.

Sure, when you must change the ABI you also have to rebuild linked libs and
bins, but how many openssl 0.9 updates have required ABI changes?

Roger