author ryker <ryker@cvs.openbsd.org> 1998-10-05 20:13:17 +0000
committer ryker <ryker@cvs.openbsd.org> 1998-10-05 20:13:17 +0000
commit ab647ee8741b82d207b00c6c0501c5531982258d
tree 396ed13e257f807ad932fd526280d20c8ac5996d /lib/libssl/README.OPENBSD
parent eeb9c25b093b9797b4cffffaa53fd60f0afcd8ab
Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
Diffstat (limited to 'lib/libssl/README.OPENBSD')
-rw-r--r-- lib/libssl/README.OPENBSD 66
1 files changed, 66 insertions, 0 deletions
diff --git a/lib/libssl/README.OPENBSD b/lib/libssl/README.OPENBSD
new file mode 100644
index 00000000000..7cc3d0d424a
--- /dev/null
+++ b/lib/libssl/README.OPENBSD
@@ -0,0 +1,66 @@
+
+ This is an SSLeay-0.9.0b (the b means the PKCS#1 bug is fixed) tree.
+
+ It has the following modifcations made to it.
+
+ 0) util/perlpath.pl has been run to change perlpath to /usr/bin
+ util/ssldir.pl has been run to change the ssl dir to /usr/ssl
+ Null check added to crypto/err/err.c (mailed to Eric Young)
+ to avoid problems in error handling. Includes install into
+ /usr/include/ssl, certs and configs are expected to be in
+ /etc/ssl.
+
+ 1) Changes for openbsd compilation to have been made to
+ config and Configure (these have been sent to Eric Young)
+
+NOTES:
+
+ Many tests will fail miserably, since most of them start
+ with SSL v2, which requires RSA, and of course, they barf.
+ idea tests will also fail. This is to be expected. Do
+ "make -k test" if you want to see the output and draw
+ your own conclusions.
+
+ Many parts of the utility programs may not work, although things
+ like client and server will provided you start them in a mode
+ that does not require RSA to operate.
+
+ Unlike an ssl library built to remove the offending routines
+ (which removes many of the things like SSL23init which many
+ packages like web servers use) this library does contain
+ stubs for everything. The patent bits will simply fail. The
+ idea is that this may be used as is for limited functionality,
+ or where possible replaced with a full function library. When
+ porting an app it is important to remember to try to use the
+ tls1 version of stuff first where possible. I.E. if you're
+ going to SSL-ize OpenBSD telnet, for example, call the tls1 init
+ functions *NOT* sslv2init or sslv23init, or you'll be dependent
+ on RSA and have a version that will only work with a full
+ function library. Use the tls versions and you'll work with
+ both - a good thing.
+
+ "crypto" and "ssl" are OpenBSD style build dirs for the
+ libraries of the same name. "ssleay" is the build dir for the
+ "ssleay" executable, used to control everything vagely ssleay
+ like, from testing to generating certificates, to playing
+ simple client server games. libraries expect to install headers
+ in "/usr/include/ssl", libraries in /usr/lib, ssleay in /usr/sbin
+
+TODO:
+ SSLeay contains just no library docs, it's all use the
+ force, read the source. This should be fixed sometime.
+
+ DSS certificate generation is a black art. This
+ needs to be properly documented and a comprehensive procedure
+ written up, at least for how to generate a cert for
+ a host to be used by multiple servers. beck@ has talked
+ to Mark Shuttleworth of Thawte, and he has agreed that
+ if we can get DSS hosts certs up and running Thawte will
+ consider providing the service (for the usual fee of course)
+ of for-real signing of OpenBSD host certs for those who
+ want a real CA for things like telnet and ftp and the like.
+
+ Apps beyond ssleay need testing - apps that use exclusively old style
+ sslv2 or sslv2/3 need to be converted/modified where possible to
+ try the tls1 stuff, so that we can handle doing things without
+ RSA.
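Review bot: The porting advice in NOTES names the entry points loosely ("SSL23init", "sslv2init", "sslv23init", "the tls1 init functions"), and no two spellings match, so a porter cannot search the headers for them; give the exact symbol names for the calls to avoid and the ones to use. "The patent bits will simply fail" should also say how the stubs fail (return value or error queue entry), since callers need to know what to check so they do not carry on as if the call succeeded. Minor: "modifcations" and "vagely" are misspelled, and item 0) mixes three unrelated changes (the path rewrites, the err.c null check, the install locations) that would read better as separate items.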