First Release of LibreSSL Portable Is Available

ConstantineM writes: It has finally happened. Bob Beck of The OpenBSD Foundation has just announced that the first release of LibreSSL portable is now available, and can be found in the LibreSSL directory of your favourite OpenBSD mirror. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OS X and FreeBSD. This is intended to be an initial portable release of OpenBSD's libressl to allow the community to start using it and providing feedback, and has been done to address the issue of incorrect portable versions being attempted by third-parties. Support for additional platforms will be added as time and resources permit.

Re:first security vulnerability to be discovered!

[Noryungi]

in 3....2.......1............

That was the goal from the vey beginning: make the code less horrible to get people involved and correct as much as possible.

So, yes, they will find more problems. They expect that.

Re:Happy to let someone else test it

[Noryungi]

There is not just ''cruft'' in the code base: if I remember correctly, they removed thousands upon thousands of lines of code from OpenSSL - think VMS, Borland C, Windows 3.x, MS Visual C++ (etc) support.

And they tested the whole thing on the OpenBSD ports - so far, nothing has been broken.

Oh and FIPS support? Not gonna happen. Bob Beck has been very very clear on that subject. OpenBSD does not care too much about US government standard.

Welp, time to start the VMS port

[jandrese]

Oh good, now we can get that vital VMS, DOS, and MacOS 7 support so they're not stuck on OpenSSL.

Re:Happy to let someone else test it

[Bengie]

Heartbeat support is optional and negotiated. I don't know why you think it 'must' be supported.

Also works fine under NetBSD

[ci4]

Test suite summary for libressl 2.0.0
'make check' under -current amd64:

TOTAL: 41
PASS: 41
SKIP: 0
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0

Re:Donate

[Noryungi]

Oh boy, there is so much wrong here... Where to start?

First of all, OpenSSL problems are not ''getting fixed''. Part of the problem is that funding for OpenSSL was primarily based on company XYZ sponsoring function ABC. This gave incentives to the OpenSSL devs to add more functionalities on top of the cruft, the horrible mess that was the code base. More funding equals more developpers equals more eyeballs, but we haven't seen the progress so far.

Second of all, OpenBSD has given a HUGE amount of (BSD licensed) code to the rest of the world, Linux included. Try typing "ssh -V" on any Linux machine and I can guarantee you will get OpenSSH. And if you are like me, this is something you use EVERY. FREAKING. DAY. So please stop the trolling about OpenBSD, mmmmkay?

Third, the amount of code that has been cleaned up, improved, deleted and just plain scrubbed is simply amazing. You can say whatever you want about OpenBSD cranky devs, they know their stuff and they know their way around C code.

Fourth, OpenSSL is BSD/Apache licensed, and not GPL, so stop spouting off about supporting GPL software - not everything has to be blessed by Stallmann to be acceptable. And, yes, the Linux Foundation recognizes this - while you don't.

Re:Other OS's

[armanox]

Which I already eliminated that possibility saying I was building it at home. I'd also like to believe that there are very few security critical things still using IRIX, even though I know better (at least SGI was still releasing security patches until this year....).