On Wed, Dec 25, 2013 at 10:52 AM, Mikhail T <mi+apa...@aldan.algebra.com> wrote:
> On 20.12.2013 13:38, olli hauer wrote:
>> md2 was deprecated in 2009 by the openssl project
>>  http://cvs.openssl.org/chngview?cn=18381
>>  CVE-2009-2409
>> As fas as I know some Linux based projects have removed md2 from 
>> openssl-0.9.x in 2009.
> Could we, please, have MD2 resurrected before 10.0 is officially out?
> Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
> you! Yours,

The time to bring this up was before the freeze for 10.0, a good 6+
months ago. It is way too late now.

However.. the code in libmd had had a non-commercial use restriction..
Even if it wasn't too late, that code won't be back.

Your best bet is to create a crypto/libmd2 port.  Start with the code
from openssl.
Peter Wemm - pe...@wemm.org; pe...@freebsd.org; pe...@yahoo-inc.com; KI6FJV
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to