svn commit: r406060 - head/security/openssl
Bernard Spil
brnrd at freebsd.org
Wed Jan 13 19:16:48 UTC 2016
On 2016-01-13 18:56, Mark Felder wrote:
> On Wed, Jan 13, 2016, at 11:29, Bernard Spil wrote:
>> Author: brnrd
>> Date: Wed Jan 13 17:29:12 2016
>> New Revision: 406060
>> URL: https://svnweb.freebsd.org/changeset/ports/406060
>>
>> Log:
>> security/openssl: Fix No-SSLv3 option
>>
>> - This change adds `no-ssl3-method` to config args
>> - Bump portrevision
>>
>> Testing with security/openssl buillt with SSL3 option disabled [1]
>> revealed that the openssl binary and the libraries still support
>> SSLv3
>> connections and methods. With the added no-ssl3-method argument
>> passed
>> to the config script, the binary no longer supports the -ssl3 option
>> and ports requiring SSLv3 methods fail on undefined references to
>> methods.
>>
>> PR: 203693 [1]
>> Reviewed by: koobs (mentor), feld (mentor, ports-secteam), dinoex
>> (maintainer)
>> Approved by: koobs (mentor), feld (mentor, ports-secteam
>> MFH: 2016Q1
>> Differential Revision: D4924
>>
>
> koobs and I (mentors) goofed up with the review process here. Dinoex as
> maintainer was not involved in the review or approval process, but we
> approved this commit and the commit log message.
>
> This change is a no-op for users who do not set SSL3=off.
>
> Sorry, dinoex :-)
Hi,
I did send an email to dinoex with a request to review this patch. After
the 2 approvals I committed but should've held back...
For users that set SSL3=off this is NOT a no-op. This may trigger build
failures for people, a list of known affected ports is maintained on
https://wiki.freebsd.org/OpenSSL/No-SSLv3. Luckily most major ports have
already been patched.
Sorry...
More information about the svn-ports-all
mailing list