OpenSSL 0.9.8k -> 0.9.8l

[APseudoUtopia]

On Sat, Apr 17, 2010 at 10:49 AM, Tim Gustafson <tjg at soe.ucsc.edu> wrote:
> Hi,
>
> I run a few web servers with need to be PCI compliant.  Apparently there's a problem with OpenSSL 0.9.8k that requires us to upgrade to 0.9.8l for us to maintain our compliance level.
>
> I've csup'd to RELENG_8_0 and did a build/install cycle and OpenSSL is still at 0.9.8k.  Using RELENG_8 isn't really an option for me because the last I upgraded to that level, ipfw was broken and I'm not sure that the problem with ipfw has been fixed (Luigi tells me that it has, but I haven't had time to test it yet).
>
> Is there any movement to patch RELENG_8_0 with OpenSSL 0.9.8l?  Or will I be stuck with 0.9.8k until I move to RELENG_8?
>
> Tim Gustafson

This isn't an answer to your question, but you could always use
OpenSSL from the ports tree.

http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssl/

It's at version 1.0.0.