Bug 202990 - exp-build with WITH_OPENSSL_PORT=yes no-ssl2/no-ssl3
Summary: exp-build with WITH_OPENSSL_PORT=yes no-ssl2/no-ssl3
Status: Closed Not Accepted
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Ports Framework (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Port Management Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-09 12:52 UTC by Bernard Spil
Modified: 2015-09-09 13:00 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer freebsd_triage 2015-09-09 12:52:20 UTC 
I'd like to request an exp-build with ports' SSL built without support for either SSLv2/SSLv3. Either WITH_OPENSSL_PORT=yes and security_openssl_UNSET+= SSL2 SSL3 or a build with LibreSSL 2.3 from https://reviews.freebsd.org/D3585
 (my personal preference being the LibreSSL build as that has really _removed_ the SSLv3_ methods and structures).

Purpose is to detect what ports require patching to build/run without SSLv3 and yes I'm volunteering to fix/patch these ports and upstream the result.

I know that this has been requested before (https://bugs.freebsd.org/195796) but that was _before_ POODLE happened. Currently everyone has (or should) disable SSLv3 completely.

I have a patched Apache lying around (would help with the # packages that will build).
Comment 1 Antoine Brodin freebsd_committer freebsd_triage 2015-09-09 12:54:57 UTC 
I won't do the exp-run myself,  there's too much problems with mix of base/ports openssl for now.
Comment 2 Antoine Brodin freebsd_committer freebsd_triage 2015-09-09 13:00:48 UTC 
Reject,  for such an exp-run to detect the problems in the ports tree it has to be done with an src patch.