libressl vs openssl

Jan Stary hans at stare.cz
Wed Jan 10 20:45:01 UTC 2018


On Jan 09 12:24:22, perry at piermont.com wrote:
> On Mon, 8 Jan 2018 18:47:14 +0100 Jan Stary <hans at stare.cz> wrote:
> > Hi Jeremy,
> > 
> > > On Sat, Dec 02, 2017 at 06:03:17AM -0800, Jeremy Huddleston Sequoia wrote:
> > > > There are some things that I want to do to the port (and OpenSSL)
> > 
> > It would be very nice if all ports currently depending on openssl
> > would build against libressl, and we could get rid of openssl
> > in favor of the way-superior libressl (until Apple replaces
> > it system wide. ha ha ha.)
> 
> I'm not sure I agree with the claim that libressl is necessarily better.

Please read and see the following to convince yourself that
it is desirable to replace OpenSSL with LibreSSL if at all possible.

https://www.openbsd.org/papers/bsdcan14-libressl/index.html
https://www.openbsd.org/papers/eurobsdcon2014-libressl.html
https://www.youtube.com/watch?v=GnBbhXBDmwU
https://www.youtube.com/watch?v=WFMYeMNCcSY
https://www.tedunangst.com/flak/post/worst-common-denominator-programming
https://marc.info/?l=openbsd-misc&m=139698608410938&w=2
https://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
https://www.tedunangst.com/flak/post/heartbleed-vs-mallocconf

Personally, I like the socklen_t bit the most:

  You want to create a variable the same size as socklen_t. One fairly
  obvious solution would be to declare a variable of type socklen_t.
  That's not how OpenSSL does things, however. Instead, let's create
  a union of a couple different ints, call accept(), then inspect the
  different union members to determine which ones were overwritten by the
  kernel. Oh, and don't forget to check for big endian versus little endian. 

	Jan



