https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192511
Marcus von Appen <m...@freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |freebsd-port...@freebsd.org
| |, vsevo...@freebsd.org
--- Comment #3 from Marcus von Appen <m...@freebsd.org> ---
(In reply to meyer.arne83 from comment #2)
> (In reply to Marcus von Appen from comment #1)
> > Root problem:
> > As soon as libressl is installed via ports, lang/pythonXX and other ports
> > will try to pick it up, most likely due to the include and linker flags
> > order. This is problematic in two regards:
> >
> > * lang/python27 does not have an explicit BUILD/RUN_DEPENDS on libressl,
> > since libressl is not officially supported by upstream (yet)
> > * libressl is API and ABI incompatible with OpenSSL, so depending on the
> > system status (libressl installed or not), python will take the one or
> > other.
> >
> > I do not like the patch, since it would disable the function for both,
> > OpenSSL and libressl and thus effectively change the behaviour of
> > lang/pythonXX.
> Does RAND_egd even work on FreeBSD?
> I also tried to preserve the python ssl api by having PySSL_RAND_egd just
> return an error. So I don't think it's behaviour has changed. Might have
> missed something, tho.
This is just the minor part of the issue. The bigger problem is the library
being pulled in.
> > We need to get two things right:
> >
> > * handle OpenSSL support correctly and explicitly use OpenSSL, so that an
> > installed SSL replacement does not cause a wrong and unintended behaviour
> > * offer users to link against libressl explicitly (via an OPTION), which can
> > cause different behaviour.
> How about this:
> * Add smt. like WITH_OPENSSL_LIBRE and some logic to bsd.openssl.mk
> * Have the libressl port fail to build without that flag set.
That sounds reasonable. I added the libressl maintainer and portmgr@ to this
issue to get their feedback on it.
> * Add a static library or c file with dummy functions(RAND_egd, ...) to
> libressl.
That might contradict the purpose of libressl and adds a can of worms (local
patches), which should be avoided. Best'd be to ask the upstream developers of
libressl about such things, I think.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-python@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
