On 04/03/2015 01:49 AM, Paul B. Henson wrote:
> What is the current status/thoughts regarding libressl? Reviewing the
> bug and some past threads, it sounds like the initial plan was to make
> openssl a virtual and let either classic openssl or libressl fulfill it?

Not anymore. We will go for "libressl" USE flag for the same reason there is a "libav" USE flag now (working subslots etc).

> I'm not sure if things have changed from that viewpoint, but it really
> doesn't seem they're going to be plug and play compatible 8-/. libressl
> offers functionality openssl doesn't and vice versa, and playing nicely
> with each other doesn't seem to be on the agenda of either. It seems it
> might make more sense to treat them more like openssl and gnutls, where
> they both provide similar ssl functionality but a given package might
> use one, the other, or either?
>

Renaming library file names is a no-go, imo. Same story with symlink hacks via eselect.

> The specific reason for my current inquiry is that the latest openntpd
> release includes the new support from openbsd for "constraints", where
> basically you can verify ntp time sources by checking their time
> relative to a trusted TLS server (which provides the time in HTTP
> headers). This functionality requires libtls, part of libressl. openssl
> provides no compatible functionality, so this is a case where they're
> not plug-and-play, openntpd requires libressl specifically.
>

Well, since openntpd is developed by BSD guys, no wonder about that decision... I guess you could still try to provide a compatibility patch for openssl.
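
The "constraints" check quoted above, sketched as an added example that is not part of either message and is not openntpd's code: Date headers fetched over TLS bound what time it can plausibly be, and NTP replies outside that bound are discarded. The median, the 30-second margin, the host names and all sample values are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from statistics import median

MARGIN_SECONDS = 30.0  # assumed tolerance; Date headers only have 1 s resolution


def constraint_from_headers(date_headers):
    """Return the median Unix time of the parseable Date headers, or None."""
    stamps = []
    for value in date_headers:
        try:
            parsed = parsedate_to_datetime(value)
        except (TypeError, ValueError):
            continue  # malformed header: this server contributes nothing
        if parsed.tzinfo is None:
            parsed = parsed.replace(tzinfo=timezone.utc)
        stamps.append(parsed.timestamp())
    return median(stamps) if stamps else None


def filter_ntp_replies(replies, constraint, margin=MARGIN_SECONDS):
    """Split (server, unix_time) replies into (accepted, rejected) names."""
    if constraint is None:
        # Fail closed: without a constraint nothing can be verified.
        raise ValueError("no usable constraint; replies cannot be checked")
    accepted, rejected = [], []
    for server, unix_time in replies:
        bucket = accepted if abs(unix_time - constraint) <= margin else rejected
        bucket.append(server)
    return accepted, rejected


# Constructed sample data: Date headers as three HTTPS servers might return
# them, one malformed value, and two NTP replies (the second an hour ahead).
SAMPLE_HEADERS = [
    "Fri, 03 Apr 2015 08:00:00 GMT",
    "Fri, 03 Apr 2015 08:00:01 GMT",
    "Fri, 03 Apr 2015 08:00:03 GMT",
    "not a date",
]
REFERENCE = datetime(2015, 4, 3, 8, 0, 1, tzinfo=timezone.utc).timestamp()
SAMPLE_REPLIES = [("ntp-a.example", REFERENCE + 1.2),
                  ("ntp-b.example", REFERENCE + 3600)]

if __name__ == "__main__":
    limit = constraint_from_headers(SAMPLE_HEADERS)
    print(filter_ntp_replies(SAMPLE_REPLIES, limit))
```
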