From owner-freebsd-current Sat Feb 19 7:13:50 2000 Delivered-To: freebsd-current@freebsd.org Received: from www.geocrawler.com (sourceforge.net [198.186.203.33]) by hub.freebsd.org (Postfix) with ESMTP id 9476E37BC85 for ; Sat, 19 Feb 2000 07:13:48 -0800 (PST) (envelope-from nobody@www.geocrawler.com) Received: (from nobody@localhost) by www.geocrawler.com (8.9.3/8.9.3) id HAA01528; Sat, 19 Feb 2000 07:13:50 -0800 Date: Sat, 19 Feb 2000 07:13:50 -0800 Message-Id: <200002191513.HAA01528@www.geocrawler.com> To: freebsd-current@freebsd.org Subject: openssl in -current From: "Victor Salaman" Reply-To: "Victor Salaman" Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message was sent from Geocrawler.com by "Victor Salaman" Be sure to reply to that address. I personally think that it's braindead to add openssl to the system and stripout parts of it (RSA & IDEA). Don't get me wrong, I love to have openssl inside the system, it's just that a lot of things don't work as expected (OpenSSH, Apache- modssl,etc). I think there are sneaky ways to get around the export restrictions, patents, etc. I think FreeBSD should let the user decide wether they want to take the resposability of installing the restricted code or not, and not let the developers decide that. As a quick fix, I have setup openssl094 separate from the system build, and have incorporated a script to copy the "original" libraries in /usr/lib as the original authors of OpenSSL intented and now my openssh port, apache-modssl, (everything) works as expected. Imagine that you are setting up 100 FreeBSD machines, it's not an option to do make world from sources and build a "new" non-crippled crypto system. You just want to install it and go! This is not a flame. Just my 2 cents. Geocrawler.com - The Knowledge Archive To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message