due to non-backwards compatible changes. The shlib bump necessitates
a corresponding bump in bsd.port.mk for the automagic openssl
dependency. Mistakes in the port are my responsibility. Approval for
the bsd.port.mk commit comes through asami -> kkenn -> me. Kris is
a little busy at the moment, so he asked me to lob it in.
Approved by: kris
and don't mark BROKEN if it doesn't exist.
2. Provide a workaround for inability of recent gcc to link shared library
when -Wl,-whole-archive ld(1) option is used. This should make possible to
build the port on recent -stable or -current.
on such systems.
(I know we aren't supporting a.out systems any more, but this was
requested by some people. And the change is trivial.)
Tested by: nate
some piece of the base system (a-la crypto). I wrote "rsaref port" instead
of "security/rsaref" since on the remote chance that rsaref switches
categories, I don't want the message to become wrong.
the diffs are trashed because Makefile.org is used as a basis for
Makefile.ssl during configuration. Now that patch-ab is applied correctly
libRSAglue.a is installed.
- add patch-aj obtained from the OpenSSL CVS repository:
"Make sure the RSA OAEP test is skipped under -DRSAref because
OAEP isn't supported when OpenSSL is built with RSAref."
According to the OpenSSL-core-team you are strongly encouraged to upgrade
any old version. The new version has a lot of bug fixes.
- ${PREFIX}/bin/ssleay was renamed to ${PREFIX}/bin/openssl and
${PREFIX}/etc/ssleay.cnf to ${PREFIX}/lib/openssl.cnf
- there are no links from e. g. ${PREFIX}/bin/md5 to ${PREFIX}/bin/ssleay
any longer, instead you have to call "openssl md5" now
- replaced HAS_CONFIGURE, CONFIGURE_SCRIPT and CONFIGURE_ENV with a
do-configure target and changed the indention level
- some perl scripts need perl5 now, so set USE_PERL5 and replace perl
with ${PERL5} where neccessary.
- honour ${CFLAGS}
Apply openssl-0.9.1c-bnrec.patch via PATCHFILES:
"DESCRIPTION:
The Big Number (BN) library in OpenSSL 0.9.1c has some problems when dealing
with very large numbers. Because mostly all other OpenSSL sub-libraries
(including the RSA library) are based on BN, this can cause failures when
doing certificate verification and performing other SSL functions. These BN
bugs are already fixed for OpenSSL 0.9.2. But for OpenSSL 0.9.1c the easiest
workaround to fix the subtle problems is to apply the above patch which mainly
disables the broken Montgomery multiplication algorithm inside BN."
Requested by: Garrett Wollman <wollman@FreeBSD.ORG>:
"If you have an RSA license, you DON'T want to use rsaref -- it's
slow as hell. The only reason you would want to use rsaref is:
1) You are in the US.
2) The patent hasn't expired yet (600-someodd days and counting).
3) You wouldn't have the right to use RSA otherwise."
OpenSSL is a successor of SSLeay (see http://www.openssl.org/).
This port uses almost the same files as SSLeay. So they can't be
installed both.
- make the port ${PREFIX} clean
- reorganize PLIST (list links as normal files, which makes the PLIST
shorter and easier to maintain)
- reference ${PREFIX}/etc/ssleay.cnf only (there was a reference to
${PREFIX}/lib/ssleay.cnf somewhere)
- some other minor portlint changes