Tom "spot" Callaway wrote: > On 06/21/2010 12:05 PM, Paul Wouters wrote: > >> On Mon, 21 Jun 2010, Tomas Mraz wrote: >> >> >>>> I would be great if we could change the spec file to have a proper flag >>>> to enable/disable GOST/ECC so that people can easilly rebuild with GOST >>>> support if they need to (and it is legal for them). Would that be >>>> legally possible? >>>> >>> This is not possible as the ECC algorithm sources are removed from the >>> source tarball prior to adding it to the Fedora CVS. >>> >> Would it still be possible to have the define with a comment to grab the >> source outside the CVS repo? I am just trying to minimise the work that >> has to be done and maintained separately from the Fedora openssl.spec file. >> > > No, sorry. > AFAIK the GOST engine in openssl-1.0 can be compiled as a shared object. IOW, we could create openssl-freeworld in rpmfusion etc... Besides that, the applications should call now some openssl's init routine before the use of ssl, else such an extra engine will not be determined by the ssl library at runtime (see http://www.cryptocom.ru/OpenSource/OpenSSL_eng.html for more info about application patches required for "external GOST engine" + openssl-1.0.0). Regards, Dmitry Butskoy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
