Re: GOST in OPENSSL_BASE

From: Andrey Chernov <ache_at_freebsd.org>
Date: Tue, 12 Jul 2016 01:44:54 +0300

On 11.07.2016 21:41, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote:
> 
>> On 07/10/16 10:10 AM, Andrey Chernov wrote:
>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
>>>> I am surprised by the lack of GOST support in openssl-base.
>>>> Can this be enabled before 11.0 is released?
>>>
>>> AFAIK the openssl maintainers say something like they can't support this
>>> code and it will become rotten shortly with new changes, so they drop it.
>>
>> [OpenSSL-maintainer-for-the-base hat on]
>>
>> GOST is supported on FreeBSD 10.x and 11.x.  We will not drop it on
>> these branches unless secteam explicitly ask us to do so.  However, we
>> *may* drop it from 12.0 *iff* we import OpenSSL 1.1.0 branch.
>>
>> [OpenSSL-maintainer-for-the-base hat off]
>>
>> Jung-uk Kim
>>
> 
> Thanks!
> 
> Maybe we need to file a PR for dns/bind910?
> 
> # grep -3 BROK /poudriere/ports/default/dns/bind910/Makefile
> .include <bsd.port.pre.mk>
> 
> .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
> BROKEN= OpenSSL from the base system does not support GOST, add \
>         DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
>         that needs SSL.
> .endif
> 

I dislike the idea of using GOST in bind; it is unneeded there, DNSSEC
doesn't use GOST, so I vote for removing the GOST option from there.
Received on Mon Jul 11 2016 - 20:45:04 UTC
