some piece of the base system (a-la crypto). I wrote "rsaref port" instead
of "security/rsaref" since on the remote chance that rsaref switches
categories, I don't want the message to become wrong.
According to the OpenSSL-core-team you are strongly encouraged to upgrade
any old version. The new version has a lot of bug fixes.
- ${PREFIX}/bin/ssleay was renamed to ${PREFIX}/bin/openssl and
${PREFIX}/etc/ssleay.cnf to ${PREFIX}/lib/openssl.cnf
- there are no links from e. g. ${PREFIX}/bin/md5 to ${PREFIX}/bin/ssleay
any longer, instead you have to call "openssl md5" now
- replaced HAS_CONFIGURE, CONFIGURE_SCRIPT and CONFIGURE_ENV with a
do-configure target and changed the indention level
- some perl scripts need perl5 now, so set USE_PERL5 and replace perl
with ${PERL5} where neccessary.
- honour ${CFLAGS}
Apply openssl-0.9.1c-bnrec.patch via PATCHFILES:
"DESCRIPTION:
The Big Number (BN) library in OpenSSL 0.9.1c has some problems when dealing
with very large numbers. Because mostly all other OpenSSL sub-libraries
(including the RSA library) are based on BN, this can cause failures when
doing certificate verification and performing other SSL functions. These BN
bugs are already fixed for OpenSSL 0.9.2. But for OpenSSL 0.9.1c the easiest
workaround to fix the subtle problems is to apply the above patch which mainly
disables the broken Montgomery multiplication algorithm inside BN."
Requested by: Garrett Wollman <wollman@FreeBSD.ORG>:
"If you have an RSA license, you DON'T want to use rsaref -- it's
slow as hell. The only reason you would want to use rsaref is:
1) You are in the US.
2) The patent hasn't expired yet (600-someodd days and counting).
3) You wouldn't have the right to use RSA otherwise."
OpenSSL is a successor of SSLeay (see http://www.openssl.org/).
This port uses almost the same files as SSLeay. So they can't be
installed both.
- make the port ${PREFIX} clean
- reorganize PLIST (list links as normal files, which makes the PLIST
shorter and easier to maintain)
- reference ${PREFIX}/etc/ssleay.cnf only (there was a reference to
${PREFIX}/lib/ssleay.cnf somewhere)
- some other minor portlint changes
want to touch it.
While I'm here, change MASTER_SITES to URL form (ftp://) and add
markm as the maintainer (he's the only one who touched this
Makefile since the beginning of history)....
This implementation has been built with Our ((actually its own but in our
source tree) DES library and our MD{45}. You will need to link your SSL
code with -ldes and -lmd.
Are you happy now, Torsten? ;-)
