libressl vs openssl

Gustaf Neumann neumann at wu.ac.at
Wed Jan 10 10:02:46 UTC 2018


On 09.01.18 at 18:24, Perry E. Metzger wrote:
> On Mon, 8 Jan 2018 18:47:14 +0100 Jan Stary <hans at stare.cz> wrote:
>> Hi Jeremy,
>>
>>> On Sat, Dec 02, 2017 at 06:03:17AM -0800, Jeremy Huddleston
>>> Sequoia wrote:
>>>> There are some things that I want to do to the port (and
>>>> OpenSSL)
>> It would be very nice if all ports currently depending on openssl
>> would build against libressl, and we could get rid of openssl
>> in favor of the way-superior libressl (until Apple replaces
>> it system wide. ha ha ha.)
> I'm not sure I agree with the claim that libressl is necessarily
> better.
I would as well be cautious with the term "superior", at least when the
criteria are not clear.

In the past I have provided support for OpenSSL 1.0.* and 1.1.* and
LibreSSL 2.6.3 and 2.6.4 for non-trivial projects, and from my experience
this is not a simple drop-in replacement in general. One pain is that
OpenSSL changed some calls between 1.0 and 1.1, and another one is that
LibreSSL claims to be OpenSSL 2.* (via OPENSSL_VERSION_NUMBER),
which confuses source code that has to compare version numbers
for the above reasons.

The process is doable (see e.g. HardenedBSD [1], OpenBSD 5.6), but
cooperation with upstream projects is probably required for some packages.

all the best
-g

[1] https://brnrd.eu/libressl/2016-03-06/libressl-in-hardenedbsd-base-part-ii.html
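
The version-number confusion described in the message above, shown as an added example that is not part of the original post or of any project's code. The function names and the sample header values are constructed for illustration; the value 0x20000000 is what LibreSSL's opensslv.h reports as OPENSSL_VERSION_NUMBER, and which code path LibreSSL should then take is left to the port.

```c
#include <stdio.h>

/* Threshold a port typically tests to select the OpenSSL 1.1 API. */
#define OPENSSL_1_1_0 0x10100000UL

enum tls_api { API_OPENSSL_1_0, API_OPENSSL_1_1, API_LIBRESSL };

/* Naive check: looks at OPENSSL_VERSION_NUMBER alone. */
enum tls_api classify_naive(unsigned long openssl_ver)
{
    return openssl_ver >= OPENSSL_1_1_0 ? API_OPENSSL_1_1 : API_OPENSSL_1_0;
}

/* Robust check: LIBRESSL_VERSION_NUMBER is tested first.
 * Pass libressl_ver = 0 when the header does not define it. */
enum tls_api classify(unsigned long openssl_ver, unsigned long libressl_ver)
{
    if (libressl_ver != 0)
        return API_LIBRESSL;
    return classify_naive(openssl_ver);
}

static const char *api_name(enum tls_api a)
{
    switch (a) {
    case API_OPENSSL_1_0: return "openssl-1.0";
    case API_OPENSSL_1_1: return "openssl-1.1";
    default:              return "libressl";
    }
}

int main(void)
{
    /* Constructed sample header values (0xMNNFFPPS layout of opensslv.h). */
    static const struct { const char *label; unsigned long ossl, libre; } hdr[] = {
        { "OpenSSL 1.0.2n", 0x100020efUL, 0 },
        { "OpenSSL 1.1.0g", 0x1010007fUL, 0 },
        { "LibreSSL 2.6.4", 0x20000000UL, 0x2060400fUL },
    };
    for (size_t i = 0; i < sizeof hdr / sizeof hdr[0]; i++)
        printf("%-15s naive=%-12s robust=%s\n", hdr[i].label,
               api_name(classify_naive(hdr[i].ossl)),
               api_name(classify(hdr[i].ossl, hdr[i].libre)));
    return 0;
}
```

In a real build the same decision is made in the preprocessor, by testing `#ifdef LIBRESSL_VERSION_NUMBER` before any comparison against OPENSSL_VERSION_NUMBER.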