Bug 165604
| Summary: | databases/mysql55-server cmake patches to properly use OpenSSL | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | RandomUser <rannumgen> | ||||||
| Component: | Individual Port(s) | Assignee: | Alex Dupre <ale> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Only Me | CC: | rannumgen | ||||||
| Priority: | Normal | ||||||||
| Version: | Latest | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
|
Description
RandomUser
2012-03-02 01:20:08 UTC
Responsible Changed From-To: freebsd-ports-bugs->ale Over to maintainer (via the GNATS Auto Assign Tool) Original cmake patch for OpenSSL came from, http://bugs.mysql.com/bug.php?id=61619 -> [27 Oct 2011 8:58] Partha Dutta It's not true that mysql is not compiled with ssl support. You should tell me one valid reason why you would like to use openssl. -- Alex Dupre On 3/5/12 10:26 AM, Alex Dupre wrote:
> It's not true that mysql is not compiled with ssl support.
> You should tell me one valid reason why you would like to use openssl.
1) the Mysql55-server Makefile includes,
OPTIONS= OPENSSL "Enable SSL support" on \
however, this only attempts to enable "yassl" which is NOT OpenSSL; if
you don't want to support "OpenSSL" then call it what it is, "yassl";
don't misrepresent the intended services
2) OpenSSL is maintained by an open source based group of individuals
whereas yassl is maintained by a commercial enterprise; are you going to
track vulnerabilities and updates to yassl?
3) OpenSSL has more functionality than yassl; I also use it for other
functions other than just SSL, and I use it for other applications
besides MySQL
4) I also am an X.509 C.A. and use OpenSSL
5) I prefer to use OpenSSL as I have used it for quite a few years, it
is a well known application, I can expect the same operations in all
functions and applications where I use it, and I don't have to keep
track of multiple "ssl solutions" where I would normally use OpenSSL
6) OpenSSL is the designated "ssl solution" for many applications
7) If yassl is enabled, then yes - MySQL does include ssl, but it is
hard to verify (all symbols of installed libraries are stripped, and it
is embedded - not easy to see "from the outside"); this is NOT what I
prefer.
I have thought long and hard about either rebuilding one of my
application systems or attempting to create a new, small, test
application system, where I could test and match the SSL functionality
of yassl versus OpenSSL. It is not worth my time or effort to do so.
I am not saying that yassl should be pulled, but that OpenSSL should
most definitely be included as a ready "ssl solution". The CMAKE patches
aren't going to affect anything associated with yassl. Making BOTH
available as viable options maintains the past history of OpenSSL use
for THOSE WHO WANT IT while providing an alternative for those who
either don't want to use OpenSSL with MySQL, or they are too new to
MySQL and never knew that it could be/was used with OpenSSL before.
I have no idea why Oracle has not corrected the distributed MySQL cmake
problems which have been known for some time - though THEY are the ones
that decided to switch from "old" configure/make to cmake (cuz of one
particular OS). Perhaps they need "greenbacks" waved in front of them?
P.S. I also suggest/request that the "MySQL5x-server/pkg-message" file
be updated to include information about MySQL initialization changes
that you have made but have not documented (eg; POLA - yes, the first
FBSD MySQL that I attempted to install with your initialization changes
in it was broken - everything that I tried as per past MySQL
instructions failed - POLA).
State Changed From-To: open->closed No one valid reason has been provided, the use of OpenSSL with MySQL has been deprecated and may cause compatibility issues. |
