On 04/03/2015 01:49 AM, Paul B. Henson wrote:
> What is the current status/thoughts regarding libressl? Reviewing the
> bug and some past threads, it sounds like the initial plan was to make
> openssl a virtual and let either classic openssl or libressl fulfill it?
|
Not anymore. We will go for "libressl" USE flag for the same reason
there is a "libav" USE flag now (working subslots etc).
|
> I'm not sure if things have changed from that viewpoint, but it really
> doesn't seem they're going to be plug and play compatible 8-/. libressl
> offers functionality openssl doesn't and vice versa, and playing nicely
> with each other doesn't seem to be on the agenda of either. It seems it
> might make more sense to treat them more like openssl and gnutls, where
> they both provide similar ssl functionality but a given package might
> use one, the other, or either?
>
|
Renaming library file names is a no-go, imo. Same story with symlink
hacks via eselect.
|
> The specific reason for my current inquiry is that the latest openntpd
> release includes the new support from openbsd for "constraints", where
> basically you can verify ntp time sources by checking their time
> relative to a trusted TLS server (which provides the time in HTTP
> headers). This functionality requires libtls, part of libressl. openssl
> provides no compatible functionality, so this is a case where they're
> not plug-and-play, openntpd requires libressl specifically.
>
|
Well, since openntpd is developed by BSD guys, no wonder about that
decision... I guess you could still try to provide a compatibility patch
for openssl.