| Age | Commit message (Collapse) | Author |
|---|
|
gmid (like all other daemons that want to do privsep crypto) has a
very close relationship with libtls and need to stay in sync with
it.
OpenBSD' libtls was recently changed to use OpenSSL' EC_KEY_METHOD
instead of the older ECDSA_METHOD, on the gmid side we have to do
the same otherwise failures happens at runtime. In a similar manner,
privsep crypto is silently broken in the current libretls (next
version should fix it.)
The proper solution would be to complete the signer APIs so that
applications don't need to dive into the library' internals, but
that's a mid-term goal, for the immediate bundling the 'little'
libtls is the lesser evil.
The configure script has gained a new (undocumented for the time
being) flag `--with-libtls=bundled|system' to control which libtls
to use. It defaults to `bundled' except for OpenBSD where it uses
the `system' one. Note that OpenBSD versions before 7.3 (inclusive)
ought to use --with-libtls=bundled too since they still do ECDSA_METHOD.
|
|
strnvis originates on OpenBSD. When NetBSD added it to their libc
they decided to swap the argument. Without starting a holy war on
the "best" argument order, adding an implementation of a function
that's widely available and making its signature purposefully
incompatible is beyond justification. FreeBSD (and so macos too?)
followed NetBSD in this, so we end up with *two* major and incompatible
strnvis implementations. libbsd is in a limbo, they started with
the OpenBSD version but they'll probably switch to the NetBSD version
in the future.
That's why we can't have nice things.
Do the right thing(tm) and check for the presence of the original
strnvis(3), if not available or broken use the bundled one.
|
|
now it resembles less oconfigure and more the configure scripts I'm
using in my recent projects. I'd argue it's more easy to use it.
|
|
|
|
|
|
|
