On Fri, May 17, 2019 at 02:13:46PM +0200, Harald Dunkel wrote:
> Hi Gilles,
>

Hi,

> I understand that ssl support is a highly complex issue, making it
> necessary to focus and to get rid of the cruft.
>
> It would be a pity if opensmtpd becomes "OpenBSD-only", though.
>

I agree and being the one in charge of portable OpenSMTPD these days you can trust me that I'm highly annoyed by this situation because I wish we were available to everyone.

I should clarify something:

I didn't wake up in a mood to kill OpenSSL support in OpenSMTPD.

I built OpenSMTPD on a range of machines and realized that, again, I had made no change to the TLS layer but build was broken on half the machines. I did not remove the support, it removed itself when a new version came and it broke existing code.

After spending two days trying to unbreak things, I decided to put a stop to this madness and remove all of OpenSSL-specific kludge, ifdefs and autoconf pieces.

If OpenSSL can be made to work so we don't have to keep adding conditional tests here and there, I'll be more than happy, in the meanwhile I'm not taking the extra load of work.

LibreSSL can be built on machines with OpenSSL and coexist, I've done it on several systems (FreeBSD and various Linux distros) so my take now is that there's no reason not to package it as an alternative and OpenSMTPD can depend on it.

There's no good reason not to support both...

To finish, I had someone tell me in private that he did not want to rely on LibreSSL because he didn't trust it... some of the commits to our TLS layer were actually done or suggested by the LibreSSL folks.

We have the same code standards, to trust us but not LibreSSL is really absurd :-)

-- 
Gilles Chehade
@poolpOrg

https://www.poolp.org
tip me: https://paypal.me/poolpOrg
