GOST in OPENSSL_BASE

[Slawa Olhovchenkov]

On Mon, Jul 18, 2016 at 12:39:46PM -0400, Jung-uk Kim wrote:

> On 07/18/16 08:12 AM, Mathieu Arnold wrote:
> > Hi,
> > 
> > +--On 11 juillet 2016 22:56:00 +0300 Slawa Olhovchenkov <slw at zxy.spb.ru>
> > wrote:
> > | On Mon, Jul 11, 2016 at 03:00:39PM -0400, Jung-uk Kim wrote:
> > |> > .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) &&
> > |> > ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not
> > |> > support GOST, add \ DEFAULT_VERSIONS+=ssl=openssl to your
> > |> >         /etc/make.conf and rebuild everything \ that needs SSL.
> > |> > .endif
> > |> 
> > |> FreeBSD 9.3 is still supported but GOST is not available there.  It
> > | 
> > | Thanks for clarifications.
> > | 
> > |> seems the ports maintainer didn't want to break it on 9.3 (CC added).
> > |> Version check may be needed there.
> > | 
> > | Thanks!
> > 
> > 
> > The idea is that you can't have mixed openssl usage.  If you link half your
> > ports with openssl from base, and half with openssl from ports, you are
> > going to have dragons attacks, and core dumps.  Also, if you are using
> > openssl from ports, you cannot use GSSAPI from base, for the same reasons.
> 
> Exactly.  That's why we should *allow* using base OpenSSL for 10.x and
> later because many packages are already linked against base OpenSSL by
> default.

Ports still refuse to GOST from base openssl.