Simon L. Nielsen wrote:
On 2008.01.13 11:01:46 -0800, Sam Leffler wrote:
Simon L. Nielsen wrote:
On 2008.01.13 11:44:47 +0000, Simon L. Nielsen wrote:
simon 2008-01-13 11:44:47 UTC
FreeBSD src repository
Modified files:
crypto/openssl/crypto/engine eng_cryptodev.c
Log:
Unbreak detection of cryptodev support for FreeBSD which was broken
with OpenSSL 0.9.8 import.
Note that this does not enable cryptodev by default, as it was the
case with OpenSSL 0.9.7 in FreeBSD base, but this change makes it
possible to enable cryptodev at all.
With this change it is possible to enable cryptodev by default for
openssl(1) with lines like below in etc/ssl/openssl.cnf.
Unfortunately openssh does not call the functions to read the config
file so it's not possible to enable cryptodev in openssh in a similar
fashion. I have yet to figure out how to support cryptodev by default
cleanly...
[...]
I gave you a patch to make cryptodev the default (if present) w/o modifying
openssl.cnf. That is how things used to work in freebsd and how things
work on systems like openbsd. Was there a problem w/ it?
I'm not certain that is the correct way and that it won't have any
other side-effects. I should have found some OpenSSL people to bug
about this, but I haven't gotten around to doing that yet.
Ok, I thought you were going to do that before this commit; hence my
question.
Part of what worries me some, is that I can't find out why OpenSSL
stopped just using cryptodev by default, neither in docs nor in the
code.
I would expect openssl folks had no clue they broke it because openbsd
doesn't track their code (in this area at least). The only worry I have
about my change is if it makes it impossible to override its use (e.g.
via openssl.cnf). If you can override the default then I can see
nothing wrong w/ the change and it will "fix ssh".
Sam
_______________________________________________
cvs-all mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all