Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 18 Feb 2000 19:57:31 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        freebsd-current@FreeBSD.org
Subject:   Supported ways to do RSA/OpenSSL on 4.0?
Message-ID:  <Pine.BSF.3.96.1000218194104.39111M-100000@fledge.watson.org>

next in thread | raw e-mail | index | archive | help

Kris,

I was pointed to you for questions regarding whether or not certain ports
would be working udner 4.0-RELEASE -- specifically, OpenSSH and related
applications which depend on SSL/RSA.  Do we plan to provide a consistent
and documented way for users of FreeBSD to go from the RSA-disabled base
library set to the RSA-enabled set, and in a way that provides adequate
instruction?  I get rather uninformative errors when trying to compile
OpenSSH, SSLproxy, and Apache13-modssl, none of which is discovered by the
ports mechanism, rather the application makefiles.  While I understand
that you are not the maintainer for these ports,... :-)

It might be nice, for example, to have a stage in sysinstall for
crypto-configuration--it would also be accessible post-install, and would
provide easy access to install via package the underlying RSA libraries,
with appropriate documentation of licensing issues and confirmation of
location, etc.  Presumably one could back-end this onto a set of ports or
packages, so there would be  more scalable command line/scriptable
interface.

This may already be in the works, but if so it wwasn't obvious from the
02-14 snapshot.  Whatever the solution, what's currently there seems to be
inadequate :-).  Retaining an easy-to-use install path for common
crypto-applications, such as SSH, Apache-modssl, SSLproxy, and others, is
important as application accessibility (the ports collection) is a big
selling point for FreeBSD.

In the short term--what is the recommended way to install RSA support
without rebuilding world?  On real-world systems, rebuilding the world as
soon as you have installed is not an option that can be taken
seriously--you go from a 1 hour install time (or significantly less) to a
build, etc cycle that can take a significant amount of time per-box.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1000218194104.39111M-100000>