-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Given the way the makefile is set up, which is quite unique compared to makefiles that OS X usually sees, I'm not 100%. My gut feeling is that it pulls where to look for the libcrypto from the $PATH? That'd be expected behaviour. If someone was to download OpenSSL, and build it with the prefix say /usr/local/OpenSSL but NOT to link it into either /usr/bin & /usr/include or /usr/local/bin & /usr/local/include (Both screw with building software on OS X) and then for the purpose of building and using spiped temporarily exported /usr/local/OpenSSL to the $PATH, that should work. I'm not sure if that would stick though or whether they'd have to export the $PATH each time. Is there a way to test which OpenSSL spiped is using at runtime? Does it remember the libcrypto it was built with, or does it latch onto the first one in the $PATH each time? To be honest, I'd probably just recommend that if someone wants to build this package on OS X they should use the MacPorts or Homebrew build instead. Doing so facilitates spiped with the bsdmake it prefers and a reliable, updated, secure OpenSSL. Hopefully this email made some kind of useful sense. Dom Sent from Thunderbird for OS X. My PGP public key is automatically attached to this email. On 31/08/2014 01:41, Colin Percival wrote: > On 08/30/14 16:32, Dominyk Tiller wrote: >> Yeah, over at Homebrew we took the decision to start pushing >> everything we come across onto our provided OpenSSL, due to the >> security vulns of using depreciated connections. > > Makes sense, especially given the ancient OpenSSL in OS X. > >> I'm not sure what MacPorts and Fink do in regards to this >> package though. It might be worth checking those out to see if >> they're also rolling with an updated OpenSSL dep. >> >> As for people who download and build the source from scratch >> themselves, perhaps it's worth editing the BUILDING document to >> specify you really should be using a newer OpenSSL on OS X. > > Absolutely. Can you suggest appropriate wording? I don't know > what options are required to point the linker at a different > OpenSSL. > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJUAn6GAAoJEIclJNuddDJsLG8P/1rqBCSD+oRPIvXNnzr3BArX 6NVqf7fzH+VRd3Cy4C9c+YLOgHPmMmoQHtLifk5wP9S9hQ/XlgiNvYz2BfbfCfaa xWpRliHLV4PStr5Us4K3LxSsMb8wml2nCqxe8T6FPu3uUuQ3rujV2QxEH7ICqUie EY7rhKzqoEGjYaD/jXogVxIAD5XsbHG7AlPtnEeCYul9mBf+uh04B5iEREUQk0zs ozX0syWxzJnSixFJv5GQHyMFY2o1Rh2B0OzhawpiZ8Gx3vhOve2OOMoX9kc1EjKP mIJH/hkG1yyP8Us+ZAqpO8wgoPXquGF7cY5B9u3DoGvYesK0GwYqnaBht5eKQSER eBkhcnlS5mTOnFNoOa41nKp/WrWKuDR5auPeymJqWnRSsnQBdiz6d9AhjHCFBk3b dJw9ESWaepU92em/0AVT8VUui5LbaG2ov/9p0mHaudDJXzSHZ5Nt0CCPtJp/5f/o O/SkCiwnZTXpGNoAYKh6Hfyz6zEAhpug/voymnpirNcAXo48Wzes0wMbcQ9hdjiX 7TbykhHUUNh4MFWqVxM1o+0FZxxnR/Y73o1ciASXPc8yVEMgTwOPBW5Vhyl7ptXZ RBerA6GobbthIo72XMfUDHSarALPRbxMafOKVICvb0kg5ZxhPCryiAJTJrmPw7Ly n4S4bKGPq0aID9SUcatz =Jjfl -----END PGP SIGNATURE-----
Attachment:
0x9D74326C.asc
Description: application/pgp-keys
Attachment:
0x9D74326C.asc.sig
Description: Binary data