Date: Mon, 11 Jul 2016 15:00:39 -0400 From: Jung-uk Kim <jkim@FreeBSD.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: Andrey Chernov <ache@freebsd.org>, Mathieu Arnold <mat@FreeBSD.org>, FreeBSD-current <freebsd-current@FreeBSD.org>, freebsd-security <freebsd-security@freebsd.org> Subject: Re: GOST in OPENSSL_BASE Message-ID: <f7bb30d6-6c22-4e21-ff8f-a25480ac0278@FreeBSD.org> In-Reply-To: <20160711184122.GP46309@zxy.spb.ru> References: <20160710133019.GD20831@zxy.spb.ru> <f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org> <a4f0585d-cc99-e44a-7f59-0dd23e3c969f@FreeBSD.org> <20160711184122.GP46309@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--lltlppxNlMO90TBfKxss3RoASxqmhXSxg
Content-Type: multipart/mixed; boundary="FG8GOdFswa7RWPDvlkjjOQbh245VwOePp"
From: Jung-uk Kim <jkim@FreeBSD.org>
To: Slawa Olhovchenkov <slw@zxy.spb.ru>
Cc: Andrey Chernov <ache@freebsd.org>, Mathieu Arnold <mat@FreeBSD.org>,
FreeBSD-current <freebsd-current@FreeBSD.org>,
freebsd-security <freebsd-security@freebsd.org>
Message-ID: <f7bb30d6-6c22-4e21-ff8f-a25480ac0278@FreeBSD.org>
Subject: Re: GOST in OPENSSL_BASE
References: <20160710133019.GD20831@zxy.spb.ru>
<f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org>
<a4f0585d-cc99-e44a-7f59-0dd23e3c969f@FreeBSD.org>
<20160711184122.GP46309@zxy.spb.ru>
In-Reply-To: <20160711184122.GP46309@zxy.spb.ru>
--FG8GOdFswa7RWPDvlkjjOQbh245VwOePp
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 07/11/16 02:41 PM, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote:
>=20
>> On 07/10/16 10:10 AM, Andrey Chernov wrote:
>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
>>>> I am surprised lack of support GOST in openssl-base.
>>>> Can be this enabled before 11.0 released?
>>>
>>> AFAIK openssl maintainers says something like they can't support this=
>>> code and it will become rotten shortly with new changes, so they drop=
it.
>>
>> [OpenSSL-maintainer-for-the-base hat on]
>>
>> GOST is supported on FreeBSD 10.x and 11.x. We will not drop it on
>> these branches unless secteam explicitly ask us to do so. However, we=
>> *may* drop it from 12.0 *iff* we import OpenSSL 1.1.0 branch.
>>
>> [OpenSSL-maintainer-for-the-base hat off]
>>
>> Jung-uk Kim
>>
>=20
> Thanks!
>=20
> May be need file PR for dns/bind910?
>=20
> # grep -3 BROK /poudriere/ports/default/dns/bind910/Makefile
> .include <bsd.port.pre.mk>
>=20
> .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DE=
FAULT} =3D=3D base
> BROKEN=3D OpenSSL from the base system does not support GOST, add \
> DEFAULT_VERSIONS+=3Dssl=3Dopenssl to your /etc/make.conf and re=
build everything \
> that needs SSL.
> .endif
FreeBSD 9.3 is still supported but GOST is not available there. It
seems the ports maintainer didn't want to break it on 9.3 (CC added).
Version check may be needed there.
Jung-uk Kim
--FG8GOdFswa7RWPDvlkjjOQbh245VwOePp--
--lltlppxNlMO90TBfKxss3RoASxqmhXSxg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXg+zYAAoJEHyflib82/FGqUcH/3BZje39Cz/9CWG8hDkE21w6
+o5lBJadM+rM0+7zCpfcCZ5FGJ/+IqGW/HWIjS1HyfkUrCouMU7dkYBEm1S/Lgfh
lZge8AjUi1hgnwyUsJpEAtsCmH4d+t+IVZuJIjuLCv3qqsXsgughq1ql55yxJDx4
woFyFo/5VXgZeapNcXPyVpdV8EXcSGiqgUIH/qIXcjOFeZgtfN8GnPCXFAe2zYZQ
r+rNJpgQ8plZtSTYJeMCEo40qcqxGO4uFwIbhBVODjvt79PH0ZuKQeosSRo0AN7I
6bStkQAjSH73En9mJaQ/mAMroiOH7XpNpWVt2iuirO72bgWCgeUlsTKr+8eH7vU=
=g93h
-----END PGP SIGNATURE-----
--lltlppxNlMO90TBfKxss3RoASxqmhXSxg--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f7bb30d6-6c22-4e21-ff8f-a25480ac0278>