| 1 |
On 04/03/2015 01:49 AM, Paul B. Henson wrote: |
| 2 |
> What is the current status/thoughts regarding libressl? Reviewing the |
| 3 |
> bug and some past threads, it sounds like the initial plan was to make |
| 4 |
> openssl a virtual and let either classic openssl or libressl fulfull it? |
| 5 |
|
| 6 |
Not anymore. We will go for "libressl" USE flag for the same reason |
| 7 |
there is a "libav" USE flag now (working subslots etc). |
| 8 |
|
| 9 |
> I'm not sure if things have changed from that viewpoint, but it really |
| 10 |
> doesn't seem they're going to be plug and play compatible 8-/. libressl |
| 11 |
> offers functionality openssl doesn't and vice versa, and playing nicely |
| 12 |
> with each other doesn't seem to be on the agenda of either. It seems it |
| 13 |
> might make more sense to treat them more like openssl and gnutls, where |
| 14 |
> they both provide similar ssl functionality but a given package might |
| 15 |
> use one, the other, or either? |
| 16 |
> |
| 17 |
|
| 18 |
Renaming library file names is a no-go, imo. Same story with symlink |
| 19 |
hacks via eselect. |
| 20 |
|
| 21 |
> The specific reason for my current inquiry is that the latest openntpd |
| 22 |
> release includes the new support from openbsd for "constraints", where |
| 23 |
> basically you can verify ntp time sources by checking their time |
| 24 |
> relative to a trusted TLS server (which provides the time in HTTP |
| 25 |
> headers). This functionality requires libtls, part of libressl. openssl |
| 26 |
> provides no compatible functionality, so this is a case where they're |
| 27 |
> not plug-and-play, openntpd requires libressl specifically. |
| 28 |
> |
| 29 |
|
| 30 |
Well, since openntpd is developed by BSD guys, no wonder about that |
| 31 |
decision... I guess you could still try to provide a compatibility patch |
| 32 |
for openssl. |
Archives