Major SSL/GSSAPI revamp,
Needs Review (Public)

Authored by mat on Apr 6 2016, 5:36 PM.

Details

Reviewers
None
Group Reviewers
portmgr

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 3164
Build 3197: arc lint + arc unit

Event Timeline

mat retitled this revision from to Major SSL/GSSAPI revamp,.
mat updated this object.
mat edited the test plan for this revision.
mat edited edge metadata.
  • Second pass with the kerberos bits.
mat edited edge metadata.
  • Add a bit to qa.sh to detect bad linking with OpenSSL, and also detect
  • Add a qa bit about kerberos.

in ssk.mk:

.if exists(${LOCALBASE}/lib/libcrypto.so.37)

This check fails if an older version is installed, and will break the update on normal FreeBSD systems.

> in ssk.mk:
>
> .if exists(${LOCALBASE}/lib/libcrypto.so.37)
>
> This check fails if an older version is installed, and will break the update on normal FreeBSD systems.

This is just to help things going, the right way to say "I want this" is to set in your make.conf:

DEFAULT_VERSIONS=    ssl=libressl
mat edited edge metadata.
  • Rework the selection of the SSL port to use.
mat edited edge metadata.

Rebase.

a) I see no way a user can set DEFAULT_VERSIONS to the version from base.
The API for openssl from base and openssl from ports are not compatible.

b) POLA: DEFAULT_VERSIONS should default to openssl from base.

Please check.

> a) I see no way a user can set DEFAULT_VERSIONS to the version from base.
> The API for openssl from base and openssl from ports are not compatible.
>
> b) POLA: DEFAULT_VERSIONS should default to openssl from base.
>
> Please check.

I don't have to check, the goal is to *never* depend on OpenSSL or GSSAPI from base.
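
Added example, not part of this revision or of any comment above: a sketch of the kind of linkage check the qa.sh update in the timeline refers to, flagging libssl/libcrypto that resolve outside ${LOCALBASE}. The function names, the report format and the sample `ldd` output (including every soname other than libcrypto.so.37) are constructed for illustration and are not taken from qa.sh.

```shell
#!/bin/sh
# Added example: flag libssl/libcrypto resolved outside ${LOCALBASE}/lib.
# Input is `ldd` output on stdin. Names and report format are assumptions
# for illustration, not the contents of qa.sh.

LOCALBASE="${LOCALBASE:-/usr/local}"

# Print "<binary>: <lib> -> <path>" for every libssl/libcrypto that the
# runtime linker resolved from somewhere other than ${LOCALBASE}/lib.
find_base_ssl_links() {
    awk -v localbase="$LOCALBASE" '
        # Header line of an ldd block: "/path/to/binary:"
        /^[^ \t].*:$/ { bin = substr($0, 1, length($0) - 1); next }
        # Dependency line: "libfoo.so.N => /path/libfoo.so.N (0x...)"
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so(\.|$)/ {
            if (index($3, localbase "/lib/") != 1)
                printf "%s: %s -> %s\n", bin, $1, $3
        }
    '
}

# Constructed sample: one binary linked against base, one against the port.
sample_ldd() {
    cat <<'EOF'
/usr/local/bin/bad-client:
	libssl.so.8 => /usr/lib/libssl.so.8 (0x800a00000)
	libcrypto.so.8 => /lib/libcrypto.so.8 (0x800c00000)
	libc.so.7 => /lib/libc.so.7 (0x801000000)
/usr/local/bin/good-client:
	libssl.so.39 => /usr/local/lib/libssl.so.39 (0x800a00000)
	libcrypto.so.37 => /usr/local/lib/libcrypto.so.37 (0x800c00000)
	libc.so.7 => /lib/libc.so.7 (0x801000000)
EOF
}

# Report the offending links in the constructed sample.
sample_ldd | find_base_ssl_links
```

Unlike an `exists()` test on one specific soname, this check keys on where the library was resolved from, so it does not depend on which library version is installed.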