[Cross-posting to -current because I would like some feedback about the last paragraph - namely how to test for RSA capability] How about the following: 1) I bump OSVERSION due to the (potential) presence of openssl in the base system. 2) We add a USE_OPENSSL knob to bsd.port.mk which tests for this and the openssl libraries in /usr/lib, and sets LIB_DEPENDS appropriately. 3) Setting USE_OPENSSL=RSA requires a RSA-capable version of openssl (i.e. they've either built with USA_RESIDENT=NO, or have installed rsaref and rebuilt) and emits an explanatory warning if it's not available. The only problem I can see so far is how to tell whether RSA support is available. We can do a dynamic check to see if openssl(1) can actually do RSA, but that's not as good as an existence check of something. Currently we don't build libRSARefglue.a because I couldn't see what it was useful for (it's rolled into libcrypto for us), but this still wouldn't differentiate between an (international) full openssl a (USA) neutered one without rsaref. Hmm, it may cause problems for ports which expect it, though :-( Stuffing a file in /etc is an obvious solution, but there may be a better one. Anyone? Kris ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
