by redmail.netbsd.org with SMTP; 3 Mar 2000 09:55:54 -0000
	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id SAA01172;
	Fri, 3 Mar 2000 18:55:15 +0900 (JST)
To: Bernd Ernesti <netbsd@arresum.inka.de>
cc: tech-security@netbsd.org
In-reply-to: netbsd's message of Fri, 03 Mar 2000 09:44:28 +0100.
      <200003030844.JAA03157@arresum.inka.de>
Subject: Re: "racoon" installation
From: itojun@iijlab.net
Date: Fri, 03 Mar 2000 18:55:15 +0900
Message-ID: <1170.952077315@coconut.itojun.org>


>> 	Hello.
>> 	KAME racoon (IKE daemon) is trying to improve certificate support.
>> 	Use of RSA is very popular for X.509 certificates.  Therefore, with
>> 	plain installation of NetBSD-current with crypto-{us,intl}, racoon
>> 	cannot support certificates.  It would be a bit pity situation.
>That can be fixed when you use PATENTEDOPENSSLSRC in /etc/mk.conf.
>If thats not enough, then we have to provide more support to fix the problem.

	What process we would need to install files for PATENTEDOPENSSLSRC
	configuration?  Where can I find documentation on it?  I believe
	it requires non-trivial process, like swapping
	crypto-{intl,us}/dist/openssl by plain openssl (correct?).
	It looks to be something not everyone can do without mistake.

itojun