Subject: Re: OpenSSL package license confusion...
To: Chris Pinnock <cjep@fawlty.net>
From: Greg Troxel <gdt@ir.bbn.com>
List: netbsd-users
Date: 11/21/2003 12:39:32
  There are some patents that may apply to you if you use OpenSSL. 
  It is IDEA and RC5 that are the problem (IIRC).

That is my understanding as well, at least about IDEA.

I had a different problem, which is that some package wanted to pull
in openssl, and grabbed the pkgsrc version instead (because my in-tree
version was < 0.9.6l).  It then declined to build it, since it has an
unacceptable license.

I consider this a pkgsrc bug; openssl should be the
omit-patented-algorithms version, with perhaps openssl-nonfree being
the (conflicting) version with those algorithms enabled, or a mk.conf
define being available to include them.  While openssl is in base, it
seems there have been several occasions when pkgsrc builds it,
typically due to version skew in bugfixes.;

As a workaround (but not a fix) I put in mk.conf (on 1.6.2--):

BUILDLINK_CHECK_BUILTIN.openssl=        YES

(It seems the in-tree openssl does not include idea, but one can build
libcrypt_idea if one wants.  This makes sense, but would be awkward
for pkgsrc.)

It's not clear to me how much idea/rc5 are actually used from the
openssl package anyway; dropping them from the pkgsrc build (with a
make conditional to put them back) might not hurt much.

-- 
        Greg Troxel <gdt@ir.bbn.com>