Details

Reviewers

None

Group Reviewers

portmgr

Diff Detail

Repository

rP FreeBSD ports repository

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 3404
Build 3442: arc lint + arc unit

Event Timeline

mat updated this revision to Diff 14942.Apr 6 2016, 5:36 PM

mat retitled this revision from to Major SSL/GSSAPI revamp,.

mat updated this object.

mat edited the test plan for this revision. (Show Details)

Herald added a reviewer: portmgr. · View Herald TranscriptApr 6 2016, 5:36 PM

Second pass with the kerberos bits.

Herald edited edge metadata. · View Herald TranscriptApr 7 2016, 12:17 PM

mat mentioned this in D5688: OpenSSL: Refactor Mk/bsd.openssl.mk to Mk/Uses/openssl.mk.Apr 7 2016, 12:32 PM

Add a bit to qa.sh to detect bad linking with OpenSSL, and also detect
Add a qa bit about kerberos.

Herald edited edge metadata. · View Herald TranscriptApr 7 2016, 1:01 PM

in ssk.mk:

.if exists(${LOCALBASE}/lib/libcrypto.so.37)

This check fails if an older Version is installed, and will break the update on normal FreeBSD systems.

In D5865#125413, @dinoex wrote:

in ssk.mk:

.if exists(${LOCALBASE}/lib/libcrypto.so.37)

This check fails if an older Version is installed, and will break the update on normal FreeBSD systems.

This is just to help things going, the right way to say "I want this" is to set in your make.conf:

DEFAULT_VERSIONS=    ssl=libressl

brnrd added a subscriber: brnrd.Apr 7 2016, 7:34 PM

brnrd mentioned this in D5900: security/openssl-devel: Update to 1.1 BETA2 (1.1.0-pre5).Apr 10 2016, 12:29 PM

adamw added a subscriber: adamw.Apr 10 2016, 4:11 PM

thierry added a subscriber: thierry.Apr 13 2016, 5:03 PM

Rework the selection of the SSL port to use.

Herald edited edge metadata. · View Herald TranscriptApr 22 2016, 12:57 PM

Rebase.

Herald edited edge metadata. · View Herald TranscriptApr 22 2016, 1:03 PM

a) I see no way a user can set DEFAULT_VERSIONS to the version from base.
the API for openssl from base and openssl from ports are not compatible.

b) POLA: DEFAULT_VERSIONS should default to openssl from base.

Please check.

In D5865#129664, @dinoex wrote:

a) I see no way a user can set DEFAULT_VERSIONS to the version from base.
the API for openssl from base and openssl from ports are not compatible.

b) POLA: DEFAULT_VERSIONS should default to openssl from base.

Please check.

I don't have to check, the goal is to *never* depend on OpenSSL or GSSAPI from base.

Major SSL/GSSAPI revamp,Needs ReviewPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 15490

Mk/Scripts/qa.sh

Mk/Uses/gssapi.mk

Mk/Uses/localbase.mk

Mk/Uses/ssl.mk

Mk/bsd.default-versions.mk

Mk/bsd.openssl.mk

Mk/bsd.port.mk

Mk/bsd.sanity.mk

benchmarks/polygraph/Makefile

databases/mariadb101-server/Makefile

databases/postgresql91-server/Makefile

databases/postgresql92-server/Makefile

devel/gnome-vfs/Makefile

dns/bind9-devel/Makefile

dns/bind910/Makefile

dns/bind99/Makefile

dns/samba-nsupdate/Makefile

ftp/curl/Makefile

mail/cyrus-imapd24/Makefile

mail/cyrus-imapd25/Makefile

mail/dovecot2/Makefile

mail/mutt/Makefile

mail/mutt14/Makefile

mail/postfix-current/Makefile

mail/postfix/Makefile

mail/postfix211/Makefile

net-im/zephyr/Makefile

net-mgmt/net-snmp/Makefile

net/freeradius2/Makefile

net/freeradius3/Makefile

net/samba36/Makefile

net/wireshark/Makefile

news/inn/Makefile

security/cyrus-sasl2-gssapi/Makefile

security/cyrus-sasl2-saslauthd/Makefile

security/openssh-portable/Makefile

security/p5-Authen-Krb5-Simple/Makefile

security/p5-Authen-Krb5/Makefile

security/p5-GSSAPI/Makefile

security/p5-Heimdal-Kadm5/Makefile

security/p5-openxpki/Makefile

security/pam_krb5/Makefile

security/py-kerberos/Makefile

security/softhsm2/Makefile

security/stunnel/Makefile

www/mod_auth_kerb2/Makefile

www/serf/Makefile

www/squid/Makefile

www/squid/files/extra-patch-build-8-9

Major SSL/GSSAPI revamp,
Needs ReviewPublic
Actions

Revision Contents
Changeset List