libressl vs openssl

Watson Ladd watsonbladd at gmail.com
Thu Jan 11 13:19:39 UTC 2018


On Wed, Jan 10, 2018 at 9:45 PM, Jan Stary <hans at stare.cz> wrote:
> On Jan 09 12:24:22, perry at piermont.com wrote:
>> On Mon, 8 Jan 2018 18:47:14 +0100 Jan Stary <hans at stare.cz> wrote:
>> > Hi Jeremy,
>> >
>> > > On Sat, Dec 02, 2017 at 06:03:17AM -0800, Jeremy Huddleston
>> > > Sequoia wrote:
>> > > > There are some things that I want to do to the port (and
>> > > > OpenSSL)
>> >
>> > It would be very nice if all ports currently depending on openssl
>> > would build against libressl, and we could get rid of openssl
>> > in favor of the way-superior libressl (until Apple replaces
>> > it system wide. ha ha ha.)
>>
>> I'm not sure I agree with the claim that libressl is necessarily better.
>
> Please read and see the following to convince yourself that
> it is desirable to replace OpenSSL with LibreSSL if at all possible.

Speaking as a port maintainer (who has to go update his port sometime),
upstream should be the ones doing as much as possible, and we should not
have to patch that much.

OpenSSL has dramatically improved their code quality over the past few
years.

>
> https://www.openbsd.org/papers/bsdcan14-libressl/index.html
> https://www.openbsd.org/papers/eurobsdcon2014-libressl.html
> https://www.youtube.com/watch?v=GnBbhXBDmwU
> https://www.youtube.com/watch?v=WFMYeMNCcSY
> https://www.tedunangst.com/flak/post/worst-common-denominator-programming
> https://marc.info/?l=openbsd-misc&m=139698608410938&w=2
> https://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
> https://www.tedunangst.com/flak/post/heartbleed-vs-mallocconf
>
> Personally, I like the socklen_t bit the most:
>
> You want to create a variable the same size as socklen_t. One fairly
> obvious solution would be to declare a variable of type socklen_t.
> That's not how OpenSSL does things, however. Instead, let's create
> a union of a couple different ints, call accept(), then inspect the
> different union members to determine which ones were overwritten by the
> kernel. Oh, and don't forget to check for big endian versus little endian.
>
> Jan
>
>



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau
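
The socklen_t point in the quoted text above, sketched as an added example; it is not part of the original message and is not OpenSSL's or LibreSSL's code. `fake_accept` is a constructed stand-in for the kernel filling in accept()'s length out-parameter, so the block runs without a network, and the function names and the value 16 are illustrative.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed stand-in for the kernel side of accept(): it stores the
 * address length through the pointer, writing sizeof(socklen_t) bytes. */
static void fake_accept(void *addrlen, socklen_t actual)
{
    memcpy(addrlen, &actual, sizeof actual);
}

/* The obvious form: the variable has the type the API specifies. */
int direct_len(void)
{
    socklen_t len = sizeof(struct sockaddr_storage);
    fake_accept(&len, 16);
    return (int)len;
}

/* The guessing form the quote describes: overlay two integer widths,
 * make the call, then work out which member was filled in. */
int probed_len(void)
{
    union { size_t s; int i; } len;
    len.s = 0;
    len.i = (int)sizeof(struct sockaddr_storage);
    fake_accept(&len, 16);
    /* i == 0 with differing widths is read as "callee wrote a full
     * size_t on a big-endian machine", so the value is taken from s. */
    if (sizeof len.i != sizeof len.s && len.i == 0)
        len.i = (int)len.s;
    return len.i;
}

/* Count how many bytes of the overlay the callee actually touched. */
size_t bytes_overwritten(void)
{
    union { size_t s; int i; unsigned char raw[sizeof(size_t)]; } len;
    size_t n = 0;
    memset(&len, 0xAA, sizeof len);
    fake_accept(&len, 16);
    for (size_t k = 0; k < sizeof len.raw; k++)
        n += (len.raw[k] != 0xAA);
    return n;
}
int main(void)
{
    printf("direct=%d probed=%d touched=%zu\n", direct_len(), probed_len(), bytes_overwritten());
}
```

Both forms return the same length here; the difference is that the second depends on integer widths and byte order that the first never has to reason about.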


More information about the macports-dev mailing list