
Major SSL/GSSAPI revamp,
Needs Review, Public

Authored by mat on Apr 6 2016, 5:36 PM.

Details

Reviewers
None
Group Reviewers
portmgr

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 3404
Build 3442: arc lint + arc unit

Event Timeline

mat retitled this revision from to Major SSL/GSSAPI revamp,.
mat updated this object.
mat edited the test plan for this revision.
mat edited edge metadata.
  • Second pass with the kerberos bits.
mat edited edge metadata.
  • Add a bit to qa.sh to detect bad linking with OpenSSL, and also detect
  • Add a qa bit about kerberos.

In ssl.mk:

.if exists(${LOCALBASE}/lib/libcrypto.so.37)

This check fails if an older version is installed, and will break the update on normal FreeBSD systems.

This is just to help things going, the right way to say "I want this" is to set in your make.conf:

DEFAULT_VERSIONS=    ssl=libressl

mat edited edge metadata.
  • Rework the selection of the SSL port to use.
mat edited edge metadata.

Rebase.

a) I see no way a user can set DEFAULT_VERSIONS to the version from base.
The API for openssl from base and openssl from ports are not compatible.

b) POLA: DEFAULT_VERSIONS should default to openssl from base.

Please check.

I don't have to check, the goal is to *never* depend on OpenSSL or GSSAPI from base.
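
The timeline above mentions a qa.sh check for bad linking with OpenSSL and one for Kerberos, and the last comment states the goal of never depending on OpenSSL or GSSAPI from base. The following is an added sketch of such a check, not the qa.sh code from this revision (which is not shown on this page): the function names are hypothetical, and the sample `ldd` output is constructed, with only `libcrypto.so.37` taken from the thread.

```shell
#!/bin/sh
# Added example (not the revision's qa.sh): flag SSL/GSSAPI libraries that a
# binary resolves from outside LOCALBASE, i.e. from the base system.

# Constructed sample of ldd-style output for a hypothetical installed binary.
sample_ldd_output() {
	cat <<'EOF'
/usr/local/bin/example:
	libssl.so.7 => /usr/lib/libssl.so.7 (0x800822000)
	libcrypto.so.37 => /usr/local/lib/libcrypto.so.37 (0x800a8f000)
	libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x800e9a000)
	libc.so.7 => /lib/libc.so.7 (0x8010a4000)
EOF
}

# Reads ldd-style output on stdin. Prints "<soname> <resolved path>" for each
# SSL/GSSAPI/Kerberos library not provided from $1/lib (default /usr/local).
# Returns 1 if at least one such library was found, 0 otherwise.
check_base_linkage() {
	localbase=${1:-/usr/local}
	found=0
	while read -r soname arrow path _rest; do
		# Dependency lines look like: <soname> => <path> (<address>)
		[ "$arrow" = "=>" ] || continue
		case "$soname" in
			libssl.so.*|libcrypto.so.*|libgssapi*.so.*|libkrb5.so.*) ;;
			*) continue ;;   # unrelated library, ignore
		esac
		case "$path" in
			"$localbase"/lib/*) ;;   # provided by a port
			*) printf '%s %s\n' "$soname" "$path"; found=1 ;;
		esac
	done
	return $found
}

# Stand-alone demo on the constructed sample; a real check would pipe in the
# ldd output of each staged binary instead.
sample_ldd_output | check_base_linkage /usr/local || true
```

Matching on the resolved path rather than on a fixed soname such as `libcrypto.so.37` keeps the check independent of which library version happens to be installed.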