Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 11 Dec 2020 13:28:43 +0100
From:      Franco Fichtner <franco@lastsummer.de>
To:        Martin Simmons <martin@lispworks.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl
Message-ID:  <612054DD-F857-455F-AF49-695A910A0D81@lastsummer.de>
In-Reply-To: <202012111219.0BBCJYSf000629@higson.cam.lispworks.com>
References:  <202012111219.0BBCJYSf000629@higson.cam.lispworks.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

> On 11. Dec 2020, at 13:20, Martin Simmons <martin@lispworks.com> wrote:
>=20
> =EF=BB=BF
>>=20
>>>>>> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said:
>>=20
>>>> On 11. Dec 2020, at 12:38 PM, Martin Simmons <martin@lispworks.com> wro=
te:
>>>=20
>>>>>>>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said:
>>>>=20
>>>> What are peoples thoughts on how to address the support mismatch betwee=
n
>>>> FreeBSD and OpenSSL?  And how to address it?
>>>=20
>>> Maybe it would help a little if the packages on pkg.FreeBSD.org all used=
 the
>>> pkg version of OpenSSL?  Currently, it looks like you have build your ow=
n
>>> ports if you want that.
>>=20
>> This pretty much breaks LibreSSL ports usage for binary package consumers=
.
>=20
> I'm talking about the binary packages from pkg.FreeBSD.org.  Don't they al=
ways
> use the base OpenSSL at the moment?

Yes, and if it would be built against ports OpenSSL you can no longer build a=
gainst LibreSSL locally.

In OPNsense we do build against ports OpenSSL for upgrade ease, but we also o=
ffer a second set of packages for LibreSSL.

For the normal FreeBSD user defaulting packages against OpenSSL from ports w=
ould be severely limiting their capability to deviate from this with one-off=
 builds and most cannot or will not run their own poudriere batch.

Effectively, using the second tier crypto to emulate the first tier crypto w=
ould trash the second tier for everyone else.


Cheers,
Franco=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?612054DD-F857-455F-AF49-695A910A0D81>