On Mon, 14 Feb 2000, Peter Seebach wrote:

> So, obviously I don't just set DOMESTIC to /usr/src/domestic, or whatever.
> What am I supposed to be doing?

set CRYPTOBASE.  If you have a crypto-us or crypto-intl directory,
bsd.crypto.mk will set CRYPTOBASE for you.  You can just rename domestic
to crypto-us and not set anything.

It's weird--everyone is saying ``crypto-us'' now but if you sup you still
get ``domestic''.

Also see crypto-*/README for an explanation of PATENTEDOPENSSLSRC.  If you
want Idea and non-Rsaref RSA in your libssl, you need to point this
variable to some (relatively small) parts of the openssl-tarball's tree,
because these patented algorithms weren't checked into CVS.

Of course, you don't want to do this since it's illegal and therefore
Wrong, but it's, uh, interesting. :)

I've switched over to crypto-intl because the announcement sounded like
Heimdal was more likely to survive than krb5 (residual hatred for the US,
better-maintained, already IPv6-ready), but I may be wrong.  Anyway it's
eomthing to consider if you've got nothing working now and want to get
_something_ up and running.  I'm getting Heimdal with:

 ftp ftp://ftp2.no.netbsd.org/pub/NetBSD-CVS/cryptosrc-intl.tar.gz

You get RCS files.  You can get regular files quickly as follows:

  gzip -dc ../cryptosrc-intl.tar.gz | pax -r
  rm ../cryptosrc-intl.tar.gz
  mv cryptosrc-intl/* .
  rmdir cryptosrc-intl
  mkdir CVSROOT
  ( cd /usr/dist/src && (
    CVSROOT=/usr/dist/cryptosrc-intl cvs co -P crypto-intl
    find crypto-intl -type d -a -name CVS -a -print0 | xargs -0 rm -rf
  ))

These regular files can be slapped into crypto-intl, and it works (modulo
a few Makefile bugs).

-- 
Miles Nordin / v:+1 720 841-8308 fax:+1 530 579-8680
555 Bryant Street PMB 182 / Palo Alto, CA 94301-1700 / US