|What is the current status/thoughts regarding libressl? Reviewing the
|bug and some past threads, it sounds like the initial plan was to make
|openssl a virtual and let either classic openssl or libressl fulfull it?
|I'm not sure if things have changed from that viewpoint, but it really
|doesn't seem they're going to be plug and play compatible 8-/. libressl
|offers functionality openssl doesn't and vice versa, and playing nicely
|with each other doesn't seem to be on the agenda of either. It seems it
|might make more sense to treat them more like openssl and gnutls, where
|they both provide similar ssl functionality but a given package might
|use one, the other, or either?
|The specific reason for my current inquiry is that the latest openntpd
|release includes the new support from openbsd for "constraints", where
|basically you can verify ntp time sources by checking their time
|relative to a trusted TLS server (which provides the time in HTTP
|headers). This functionality requires libtls, part of libressl. openssl
|provides no compatible functionality, so this is a case where they're
|not plug-and-play, openntpd requires libressl specifically.