On 09.01.18 at 18:24, Perry E. Metzger wrote:
> On Mon, 8 Jan 2018 18:47:14 +0100 Jan Stary <[email protected]> wrote:
>> Hi Jeremy,
>>
>> On Sat, Dec 02, 2017 at 06:03:17AM -0800, Jeremy Huddleston Sequoia wrote:
>>> There are some things that I want to do to the port (and OpenSSL)
>>
>> It would be very nice if all ports currently depending on openssl
>> would build against libressl, and we could get rid of openssl
>> in favor of the way-superior libressl (until Apple replaces
>> it system wide. ha ha ha.)
>
> I'm not sure I agree with the claim that libressl is necessarily
> better.

I would as well be cautious with the term "superior", at least when the
criteria are not clear.

In the past I have provided support for OpenSSL 1.0.* and 1.1.* and
LibreSSL 2.6.3 and 2.6.4 for non-trivial projects, and from my experience
this is not a simple drop-in replacement in general. One pain is that
OpenSSL changed some calls between 1.0 and 1.1, and another one is that
LibreSSL claims to be OpenSSL 2.* (via OPENSSL_VERSION_NUMBER)
which confuses source code that has to compare for version numbers
for the above reasons.

The process is doable (see e.g. HardenedBSD [1], OpenBSD 5.6), but
cooperation with upstream projects is probably required for some packages.

all the best
-g

[1] https://brnrd.eu/libressl/2016-03-06/libressl-in-hardenedbsd-base-part-ii.html
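
The version-check confusion described in the message above, as an added example that is not part of the original e-mail: a gate that only compares OPENSSL_VERSION_NUMBER takes LibreSSL for something newer than OpenSSL 1.1, while a gate that first looks at LIBRESSL_VERSION_NUMBER (a macro LibreSSL defines, not named in the message) keeps the three cases apart. The function names and the sample version values are constructed for illustration, and the macro values are passed as parameters so the block builds without either library installed.

```c
#include <stdio.h>

/* Constructed sample values in the OPENSSL_VERSION_NUMBER encoding. */
#define VER_OPENSSL_1_0_2    0x1000200fL /* OpenSSL 1.0.2 */
#define VER_OPENSSL_1_1_0    0x1010000fL /* OpenSSL 1.1.0 */
#define VER_LIBRESSL_AS_OSSL 0x20000000L /* OPENSSL_VERSION_NUMBER under LibreSSL */
#define VER_LIBRESSL_2_6_3   0x2060300fL /* LIBRESSL_VERSION_NUMBER for 2.6.3 */

enum tls_lib { LIB_OPENSSL_1_0, LIB_OPENSSL_1_1, LIB_LIBRESSL };

/* Naive gate: looks only at OPENSSL_VERSION_NUMBER, so LibreSSL's
 * "2.0" value is taken for an OpenSSL release newer than 1.1. */
enum tls_lib classify_naive(long openssl_ver)
{
    return openssl_ver >= 0x10100000L ? LIB_OPENSSL_1_1 : LIB_OPENSSL_1_0;
}

/* LibreSSL-aware gate. libressl_ver == 0 models the case where
 * LIBRESSL_VERSION_NUMBER is not defined (a real OpenSSL build).
 * Preprocessor form in real code:
 *   #if defined(LIBRESSL_VERSION_NUMBER)
 *   #elif OPENSSL_VERSION_NUMBER >= 0x10100000L
 *   #else
 *   #endif
 */
enum tls_lib classify(long openssl_ver, long libressl_ver)
{
    if (libressl_ver != 0)
        return LIB_LIBRESSL;
    return classify_naive(openssl_ver);
}

int main(void)
{
    static const char *name[] = { "OpenSSL 1.0 API", "OpenSSL 1.1 API", "LibreSSL" };
    struct { const char *label; long ossl, libre; } builds[] = {
        { "OpenSSL 1.0.2",  VER_OPENSSL_1_0_2,    0 },
        { "OpenSSL 1.1.0",  VER_OPENSSL_1_1_0,    0 },
        { "LibreSSL 2.6.3", VER_LIBRESSL_AS_OSSL, VER_LIBRESSL_2_6_3 },
    };
    for (size_t i = 0; i < sizeof builds / sizeof builds[0]; i++)
        printf("%-15s naive: %-16s aware: %s\n", builds[i].label,
               name[classify_naive(builds[i].ossl)],
               name[classify(builds[i].ossl, builds[i].libre)]);
    return 0;
}
```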