On 12/8/2015 5:41 PM, Patrik Lundin wrote: > On Tue, Dec 08, 2015 at 11:18:53PM +0100, Patrik Lundin wrote: >> >> What is picking up botan? I looked at every @bin and @lib with ldd and I >> can't see anyone referring to that library. What am i missing? >> > >>From http://kea.isc.org/docs/kea-guide.html#required-software: > === > Kea supports two crypto libraries: Botan and OpenSSL. Only one of them > is required to be installed during compilation. Kea uses the Botan > crypto library for C++ (http://botan.randombit.net/), version 1.8 or > later. As an alternative to Botan, Kea can use the OpenSSL crypto > library (http://www.openssl.org/). It requires a version with SHA-2 > support. > === > > I realize I do not know which library is preferred from the upstream > perspective, but using LibreSSL seemed nice (and this is what was choosen on > my > build box). > > On my box the following is seen: > === > # ldd /usr/local/sbin/kea-dhcp4 > [...] > 00001f4847a77000 00001f4848045000 rlib 0 7 0 > /usr/lib/libcrypto.so.36.1 > [...] > === > >>From config.log (after tests for botan have failed): > === > configure:17410: checking for OpenSSL library > configure:17430: result: yes > configure:17468: checking OpenSSL version > configure:17480: result: LibreSSL 2.3.2 > configure:17485: checking support of SHA-2 > configure:17506: c++ -o conftest -O2 -pipe -DOS_BSD conftest.cpp -lcrypto > >&5 > configure:17506: $? = 0 > configure:17507: result: yes > === > > I can ask upstream what they prefer if there are no strong opinions raised on > this list. >
One of the reasons I am moving back to OpenBSD (now that rtadv and IPv6 forwarding are now supported simultaneously) is due to things like LibreSSL, and the thought and code quality behind it. If upstream doesn't have a strong preference, please go to LibreSSL. thx.
