Theo Buehler

Thanks for the report. Yes, that file should have been part of the release tarball. @busterb when you have time could you please roll a 4.2.1 that includes this file...

> We will use memset in our downstream port regardless if your standards prefer bzero() -- the bsd bzero in IRIX has problems and loves to break weirdly. This isn't...

This is with cmake, right? If I understand correctly, the autoconf build disables assembly by passing `-DOPENSSL_NO_ASM` and this is an issue with CMake's ENABLE_ASM logic on this platform. As...

Agreed. Hence "issue", "workaround". It will be fixed soon.

It is a known issue and it is annoying. I do not want to add this patch since it does not fix anything. There is no problem that is solved...

People have tried to upstream similar changes and they were rejected: https://marc.info/?l=openbsd-tech&m=173056731630093&w=2

The way I believe we should try to solve this is as follows: we have a mktemp implementation in openrsync that can create a socket: https://github.com/openbsd/src/blob/7639f02327c4dddc3a3d0bd41f882fd3514a054a/usr.bin/rsync/mktemp.c#L162 if we can drop...

I would have to investigate more closely, but I suspect that our CMS code does not support AEAD ciphers properly, which to my knowledge would need to have some support...

Thanks. So I think this has been broken since forever in our CMS code - the only reason we have reimported it is for signedData support, because we need that...

Thanks. I think this is mostly expected since the generic TLS methods set `.ssl_renegotiate` to `ssl_undefined_function()`. If you pass `-tls1_2` to force a method supporting renegotiation this works. We could...