Date:      Thu, 27 Feb 2020 21:53:28 +0100
From:      Mathieu Arnold <mat@FreeBSD.org>
To:        Freddie Cash <fjwcash@gmail.com>
Cc:        Willem Jan Withagen <wjw@digiware.nl>, "ports@freebsd.org" <ports@freebsd.org>, Pete Wright <pete@nomadlogic.org>, Miroslav Lachman <000.fbsd@quip.cz>
Subject:   Re: About protocols in openssl
Message-ID:  <20200227205328.dxpnwqcekdotnz4j@atuin.in.mat.cc>
In-Reply-To: <CAOjFWZ5XFPK7tyj8DTtOOm_pRRA_YWUS50o=tPhc5cuFoUQeTA@mail.gmail.com>
References:  <f7d98734-20dd-5ee7-b8b9-6ebc69603cb7@digiware.nl> <d7673dcd-467a-25ce-bca7-21cd74bf1777@quip.cz> <75330ed3-5f85-ea63-b8df-c73b5426b5a8@digiware.nl> <be596e5a-c136-cd3f-d634-f19558ac25ff@nomadlogic.org> <0104ac5e-8d50-4a7e-ee6e-20c3a0167700@digiware.nl> <CAOjFWZ5XFPK7tyj8DTtOOm_pRRA_YWUS50o=tPhc5cuFoUQeTA@mail.gmail.com>

On Thu, Feb 27, 2020 at 12:45:51PM -0800, Freddie Cash wrote:
> On Thu, Feb 27, 2020, 12:37 PM Willem Jan Withagen, <wjw@digiware.nl> wrote:
>
> >
> > Interesting, but not quite what I want....
> > It is not for personal usage, but for ports that I have committed to the
> > ports collection, and want to upgrade.
> > And yes, fixing openssl works for this problem, but it is not only my
> > problem.
> >
> > I maintain these Ceph ports, and now upstream uses a python module that
> > expects SSLv3 to be available in the openssl that it encounters on the system.
> > And the question is how to accommodate that?
> > Short of embedding my own openssl libs with the ceph-libs, thus creating
> > a huge maintenance problem.
> >
> > I could also argue that switching off SSLv3 in a generic library is sort
> > of impractical, even if it is a protocol that we want to eradicate.
> > But I guess that the maintainers of openssl have decided that this is
> > the smart thing to do.
> > And I'm in peace with that, but now require an escape from this catch-22.
> >
> > --WjW
> >
>
> There's no mechanism in the ports tree framework for port X to depend on
> feature Y being enabled in port Z.
>
> All you can do is add a pkg-message alert to your ceph port saying the user
> needs to compile the openssl port with SSLv3 enabled.
>
> You could create a slave port for openssl that has that option enabled,
> then depend on that slave port. But that might create dependency issues
> elsewhere.

You can do it, but nobody will commit that kind of change.  The choice
of which OpenSSL version to use is a user facing change, and it is done
globally.

As a side note, SSLv3 is going away, anything done right now that needs
it is doomed.

> Sub-packages might (eventually) allow you to work around this.

As probably the only one who knows the subpackages implementation, I
don't see how it possibly could.

-- 
Mathieu Arnold
