Re: GOST in OPENSSL_BASE

From: Jung-uk Kim <jkim_at_FreeBSD.org>
Date: Mon, 11 Jul 2016 15:00:39 -0400
On 07/11/16 02:41 PM, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote:
> 
>> On 07/10/16 10:10 AM, Andrey Chernov wrote:
>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
>>>> I am surprised lack of support GOST in openssl-base.
>>>> Can be this enabled before 11.0 released?
>>>
>>> AFAIK openssl maintainers says something like they can't support this
>>> code and it will become rotten shortly with new changes, so they drop it.
>>
>> [OpenSSL-maintainer-for-the-base hat on]
>>
>> GOST is supported on FreeBSD 10.x and 11.x.  We will not drop it on
>> these branches unless secteam explicitly ask us to do so.  However, we
>> *may* drop it from 12.0 *iff* we import OpenSSL 1.1.0 branch.
>>
>> [OpenSSL-maintainer-for-the-base hat off]
>>
>> Jung-uk Kim
>>
> 
> Thanks!
> 
> May be need file PR for dns/bind910?
> 
> # grep -3 BROK /poudriere/ports/default/dns/bind910/Makefile
> .include <bsd.port.pre.mk>
> 
> .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
> BROKEN= OpenSSL from the base system does not support GOST, add \
>         DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
>         that needs SSL.
> .endif

FreeBSD 9.3 is still supported but GOST is not available there.  It
seems the ports maintainer didn't want to break it on 9.3 (CC added).
Version check may be needed there.

Jung-uk Kim


Received on Mon Jul 11 2016 - 17:00:45 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:06 UTC