Date: Fri, 20 Dec 2013 19:38:04 +0100 From: olli hauer <ohauer@gmx.de> To: Current FreeBSD <freebsd-current@freebsd.org> Cc: "Mikhail T." <mi+thun@aldan.algebra.com> Subject: Re: md2 on current and 10. Message-ID: <52B48E8C.5070804@gmx.de> In-Reply-To: <52B486AD.7080102@aldan.algebra.com> References: <52B392D9.4030507@aldan.algebra.com> <52B483D7.7080302@gmx.de> <52B486AD.7080102@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2013-12-20 19:04, Mikhail T. wrote: > On 20.12.2013 12:52, olli hauer wrote: >> Hm the config script tests for md2 and sha1 ... >> What happens if md2 support is removed from the code? > Yes, the md2 can be removed from the set of digests made available by the port > -- that's not a problem. > > What I wanted to know, was why? Maybe, the header files should've been replaced > with ones containing an #error (like malloc.h was)... Oh well... > > -mi md2 was deprecated in 2009 by the openssl project http://cvs.openssl.org/chngview?cn=18381 CVE-2009-2409 As fas as I know some Linux based projects have removed md2 from openssl-0.9.x in 2009. I have no answer why FreeBSD 8/9 has the old openssl-0.9.8y and md2 support was not removed. -- olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52B48E8C.5070804>