Latest update to security/stunnel removes libressl support

it's weird, it sounds like Mike approves it on FreeBSD but not others. The reasoning for either is unclear to me.
It also sounds like the port could be set to NO_PACKAGE MANUAL_PACKAGE if libressl is detected so people can build it themselves (which avoids distribution)
  • Thanks
Reactions: Oko
so 2 more thoughts:
  1. DragonFly, TrueOS, and HardenBSD are a different case than FreeBSD, because the former provide libressl as part of the OS, so it's covered by GPL already and I don't think stunnel author can subvert that
  2. stunnel author apparently has a beef with libressl and is intentionally trying to block its adoption
sounds like its time to find a new tunnel program
  • Thanks
Reactions: Oko
I'd love to find another secure tunnel program that meets my use case (tunneling SMB without maintaining a constant connection between client and server), given how obstinate the developer is. Does such a thing exist? I previously tunneled an SMB connection over SSH, but that required a constant SSH connection.

In any event, I'm still not convinced that the license actually lets the developer legally do what he wants to do.
you shouldn't be.
The stunnel license covers modified OpenSSL if the license is unchanged. Isn't LibreSSL just a modified OpenSSL with the same license? If so, there's no problem for *any* OS.
Secondly, I think "distribution" is a key word. There should be no legal problem with manually building as long as the resulting package is not distributed (against assuming the first bullet isn't in effect)

I think this guy just shot off his mouth without thinking, and now feels compelled to dig in his heels so he doesn't have to admit he's wrong.
  • Thanks
Reactions: Oko
You're right -- LibreSSL is released under the OpenSSL license. I erroneously thought it had been relicensed somehow. And the official FreeBSD stunnel package links to OpenSSL, so there's no distribution of a LibreSSL-linked version.

So the patches should be recommitted.
yeah, I think zi@ should reconsider based on what's been said and revealed here. You have a good point that the patches don't hurt the baseline openssl build, they just enable the build for people that specify libressl optionally or the 3 OSs that have libressl in base (which is already covered by GPL system library exception and thus exempt already)
  • Thanks
Reactions: Oko
The developer would be on very shaky ground if someone challenged the case and took it to a court, he is basically saying that he can by his whim re-interpret and re-write the licensing conditions he originally chose for his software. That's not going to fly very far.

That challenge is not going to come from FreeBSD though, the Foundation and the Project try to avoid legal confrontations at all cost.

Ironically, the GPL offers too much "freedom" now :D
Any updates on this? I was holding off on patching the port locally in the hope that this would be fixed.