Bug 206989

Summary: mail/opensmtpd: Add libressl support, base openssl default
Product: Ports & Packages Reporter: Andrey Fesenko <andrey>
Component: Individual Port(s)Assignee: Ashish SHUKLA <ashish>
Status: Closed Not Accepted    
Severity: Affects Only Me CC: andrey, ashish, brnrd
Priority: --- Keywords: feature, needs-qa, patch
Version: LatestFlags: bugzilla: maintainer-feedback? (ashish)
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Update patch
andrey: maintainer-approval? (ashish)
poudriere bulk -t log curent
none
poudriere bulk -t log 9.3 none

Description Andrey Fesenko 2016-02-07 00:56:58 UTC 
Created attachment 166683 [details]
Update patch

After help fluffy@ https://people.freebsd.org/~fluffy/patches/opensmtpd-5.7.3.p2.diff rework SSL support, add base-SSL (default), after 10.2 this satisfies all configure check (9.3 only disable EVP_aes_256_gcm).
Comment 1 Andrey Fesenko 2016-02-07 00:58:33 UTC 
Created attachment 166684 [details]
poudriere bulk -t log curent
Comment 2 Andrey Fesenko 2016-02-07 00:59:17 UTC 
Created attachment 166685 [details]
poudriere bulk -t log 9.3
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2016-02-07 05:09:10 UTC 
The ports framework already provides a user-configurable option to switch OPENSSL_PORT and there have been numerous other proposals in the past to add LIBRESSL/OPENSSL as port OPTIONS in the the past for individual ports, which have been deferred/denied on the basis that its desirable:

* For the ports framework to provide these OPTIONS consistently in every port that offers SSL functionality, instead of on a port by port basis, given that LIBRESSL/OPENSSL are drop-in replacements of each others.

* To ensure that any port that offers these ports as options, does so in a consistent manner, with regard to option naming, and behaviour.

CC'ing Bernard, who recently proposed a change to add something similar in another port.
Comment 4 Bernard Spil freebsd_committer freebsd_triage 2016-02-07 09:21:19 UTC 
OpenSSL and LibreSSL can not co-exist. The option must be global as it currently is using WITH_OPENSSL_PORT= yes and WITH_OPENSSL= security/(openssl|libressl|libressl-devel)

The only reason to have a hard dependency on LibreSSL is if the port requires libtls which does not exist in OpenSSL (e.g. www/obhttpd)

Setting WITH_OPENSSL_PORT requires a rebuild of all ports in use or suffer from cascaded dependency fails.
Comment 5 Ashish SHUKLA freebsd_committer freebsd_triage 2016-02-25 06:40:00 UTC 
Rejecting in favour of bug #206523