On Wed, Dec 25, 2013 at 10:52 AM, Mikhail T <mi+apache_at_aldan.algebra.com> wrote: > On 20.12.2013 13:38, olli hauer wrote: >> md2 was deprecated in 2009 by the openssl project >> >> http://cvs.openssl.org/chngview?cn=18381 >> CVE-2009-2409 >> >> As fas as I know some Linux based projects have removed md2 from openssl-0.9.x in 2009. [..] > Could we, please, have MD2 resurrected before 10.0 is officially out? > Preferably in both -lmd and -lcrypto, but certainly in the former. Thank > you! Yours, The time to bring this up was before the freeze for 10.0, a good 6+ months ago. It is way too late now. However.. the code in libmd had had a non-commercial use restriction.. Even if it wasn't too late, that code won't be back. Your best bet is to create a crypto/libmd2 port. Start with the code from openssl. -- Peter Wemm - peter_at_wemm.org; peter_at_FreeBSD.org; peter_at_yahoo-inc.com; KI6FJVReceived on Wed Jan 08 2014 - 06:55:01 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:46 UTC