[Bug 193482] New: security/openssl - new "no-ssl2" feature breaks at least one dependent port

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193482

            Bug ID: 193482
           Summary: security/openssl - new "no-ssl2" feature breaks at
                    least one dependent port
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: velcroleaf at rocketmail.com

The new (and very useful) config option to security/openssl allows you to
compile it without support for SSLv2.  Arguably, this should be the default
option.

However, this has broken at least one dependent port -- security/sslscan
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193083>.

I do not know if it has broken others, since sslscan was the tool I was going
to use to test other ports.  When it broke, I quickly reverted to the original
version of openssl, since so much depends on it and I was worried other things
might be quietly broken.

This might not be the fault of the change to the openssl port itself.  Perhaps
all dependent ports should be more resilient.  However, it has been suggested
that there at least be a warning in the description of the SSLv2 flag.

If there is a convenient, non-spammy way to notify all the major
openssl-dependent port maintainers, that's probably also a good idea.

-- 
You are receiving this mail because:
You are the assignee for the bug.