Date: Mon, 18 Jul 2016 14:12:09 +0200 From: Mathieu Arnold <mat@FreeBSD.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru>, Jung-uk Kim <jkim@FreeBSD.org> Cc: Andrey Chernov <ache@freebsd.org>, FreeBSD-current <freebsd-current@FreeBSD.org>, freebsd-security <freebsd-security@freebsd.org> Subject: Re: GOST in OPENSSL_BASE Message-ID: <EA5762479033C3438AC67624@ogg.in.absolight.net> In-Reply-To: <20160711195600.GQ46309@zxy.spb.ru> References: <20160710133019.GD20831@zxy.spb.ru> <f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org> <a4f0585d-cc99-e44a-7f59-0dd23e3c969f@FreeBSD.org> <20160711184122.GP46309@zxy.spb.ru> <f7bb30d6-6c22-4e21-ff8f-a25480ac0278@FreeBSD.org> <20160711195600.GQ46309@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--==========23F474E5A545A9C3DF6D==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hi,
+--On 11 juillet 2016 22:56:00 +0300 Slawa Olhovchenkov <slw@zxy.spb.ru>
wrote:
| On Mon, Jul 11, 2016 at 03:00:39PM -0400, Jung-uk Kim wrote:
|> > .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) &&
|> > ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not
|> > support GOST, add \ DEFAULT_VERSIONS+=ssl=openssl to your
|> > /etc/make.conf and rebuild everything \ that needs SSL.
|> > .endif
|>
|> FreeBSD 9.3 is still supported but GOST is not available there. It
|
| Thanks for clarifications.
|
|> seems the ports maintainer didn't want to break it on 9.3 (CC added).
|> Version check may be needed there.
|
| Thanks!
The idea is that you can't have mixed openssl usage. If you link half your
ports with openssl from base, and half with openssl from ports, you are
going to have dragons attacks, and core dumps. Also, if you are using
openssl from ports, you cannot use GSSAPI from base, for the same reasons.
--
Mathieu Arnold
--==========23F474E5A545A9C3DF6D==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJXjMeZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz
QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85ICzMP/1o+8RjpxtYqVnZk3oxX4OVe
ZyoCn3gn2OJy48+uPVCxrECHgBUUjtQNuwTZBrWARQJpUSBCvsOFk+8T08bUHzHJ
+Tgtl3/FEHZotnOfE9UYEXVvx5aMQ6D7qtDdK6TP7P7zHyzm5FBe6e9ErvnQ4iaG
A7GsJyE1q45Au+hjRnuRblA+vIHJW4uNRfhiqxQE9kD7obuJWTSSop0FtlTmhXgz
nl84t4NMHGpsfhepebDuZ29us4Dnh6x4ex6B3T4ScfTi5SC+URNpBdaNxYCVV44O
XwUTIZXMtCPTsYvxsf+R/OH/zYurDm2tnc8ggcu15tRMQZvVa0YmYF2VRf1cawlb
S5/WziQZsxhnJ88sFr5B6yMrDxr5koewNTLiUb1naCvIiQjMOrbJWxhSwF3nCBZq
5dXFPI3NM4R2qvlaIMVD6RTHahHdZsnUU3+ujSV9vmWC1L8ACqSbIRb/w+4d6p+M
Xw3Mvds8TvgNozqHszDI72fy370sPcVj8z3sIRxp6dQu345PUzPkQ6GFbv0Birim
lt7cwoZJHKj1ehHMZM0H05yu+a3hVPmtHbByOwkgTr0ZTlnebXSs2cFb7PB7CpSr
HJXTSRFQcceL83cc3nOpjI+y4bOsp/8YRunbBEfkwN5lfOQReD+g4JLYYrqMQTfC
KGrSsyj2tIF2qMrmEkFu
=YRKc
-----END PGP SIGNATURE-----
--==========23F474E5A545A9C3DF6D==========--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EA5762479033C3438AC67624>