[Exherbo-dev] ssl options

Elias Pipping pipping at exherbo.org
Mon Jul 11 00:59:45 BST 2011

Dear list,

the package net-wireless/wpa_supplicant::arbor has had its ssl option
renamed to openssl in ece231eadf4ef751a9f1d741457a06c3fc01a5fa.

The package net-libs/libssh::net which previously made unconditional
use of openssl can now be built against either openssl or
libgcrypt. For that, the options openssl and gcrypt were added in

This implies that anyone who currently has wpa_supplicant[ssl] and
libssh installed will have to switch to wpa_supplicant[openssl] and
libssh[openssl] to keep his or her current setup.

What provoked the renaming is the ambiguity of the ssl option. An ssl
option in a package cat/pkg could mean

 * the package has optional support for connections via ssl. pkg[-ssl]
   will have fewer features than pkg[ssl]. The package will not
   necessarily use openssl, even with the ssl option set. ( quite a
   couple of packages do this, using e.g. openssl or gnutls )

 * the package has optional support for connections via ssl. pkg[ssl]
   will use openssl to achieve this; pkg[-ssl] will either disable
   support for connections via ssl or provide such connections via
   another package pkg2 if the corresponding option is set. (
   wpa_supplicant did this; the second package was gnutls )

 * the package can use openssl as a pseudo random number
   generator. pkg[-ssl] will use another source for random numbers;
   e.g. an internal implementation ( openntpd does this )

This is clearly confusing and something should be done about it; that
is what motivated the aforementioned changes.

One approach would be to drop any ssl option of the following form:

 + if the ssl option is set, the package supports connections via ssl,
   e.g. by means of an external library

 - if the ssl option is unset, the package does not support
   connections via ssl

and enable such support unconditionally.

Best regards,

Elias Pipping
