Forums.FreeBSD.org - SSL Issue?
Mark Felder
feld at FreeBSD.org
Sun May 17 21:15:44 UTC 2015
On Sun, May 17, 2015, at 16:08, Roger Marquis wrote:
> Mark Felder wrote:
> >> Considering the time to write and test patches is the same in either case
> >> it is still an open question.
>
> > Again, this is not possible. You can't just "replace" the base OpenSSL.
> > That port or package would also have to replace every binary and library
> > in the base system linked to an OpenSSL library such as libcrypt with a
> > version that was built against the updated OpenSSL.
>
> Sure, when you must change the ABI you also have to rebuild linked libs
> and bins, but how many openssl 0.9 updates have required ABI changes?
>
> Roger
This entire discussion has been about doing MAJOR updates to OpenSSL in
base. Updates that obviously require ABI changes.
Please tell me about a feature change between FreeBSD 9.3's OpenSSL
0.9.8za and the latest compatible 0.9.8ze that validates a port for
OpenSSL that replaces base. I cannot find any that justify the effort.
More information about the freebsd-security
mailing list