David Kleiner wrote:
> In the mean time, is it possible to use the released S8 SUNWcry(*) for
> snv_*? S10 happily accepted it, the last time I tried - it also
> resolved patch signature verification problems.

No, the contents of SUNWcry in Solaris 8 and Solaris 9 were things that were restricted from export from the US. For Solaris 10 the US export law had changed so that was no longer an issue. However, at the time of development there was still an import issue for some countries with symmetric ciphers that have keylength > 128 bit. We reprovisioned the SUNWcry/SUNWcryr packages to mean "import restricted" rather than "US export restricted" (the reason we did this was because of how Solaris is assembled in the RE process).

While the S8 or S9 or even S10 packages may well install on snv, they will not work properly. The S8/S9 ones will very likely damage the Kerberos install. The S10 ones on Nevada will break OpenSSL (depending on the application you may see "random" core dumps that are very hard to explain). Installing the S10 ones on Nevada will leave you with a working pkcs11_softtoken but it won't have the bug fixes and features added in Nevada.

--
Darren J Moffat