tech-pkg archive


Re: libressl status



To revive this rather old thread, I just wanted to provide an update. 
After some discussion with upstream portable openntpd, the libressl team
decided to go ahead and create a standalone libtls package that will 
eventually work with openssl:

https://github.com/libressl-portable/portable/pull/83

This work has already been pulled into libressl head, and there has also
been some work on adding the missing libressl APIs to openssl:

https://github.com/busterb/openssl/commits/libressl-apis

I believe these are going to get submitted to openssl for review soon.
Unfortunately, there are still some security features missing in openssl
that haven't been worked on (for openntpd purposes, specifically the 
ability for the openssl RNG to function in an empty chroot; if I 
understand correctly it needs access to /dev/(u)random while running).

So it's not quite there yet, but it is being worked on, so I'm hopeful 
at some point in the not too distant future we can have openntpd with 
tls constraint support without having to deal with openssl vs libressl 
headaches :).


