Description Jeremy Olexa (darkside) (RETIRED) 2012-02-06 18:51:44 UTC

I had the hardest time figuring out why some ecdsa stuff wasn't working with openssh, it was only some research later that I finally found out the ebuild was disabling the ecdsa in the init script itself. Therefore, I'd recommend an one-line output to the ebuild if openssl[binist] is being used. Something like this:

Index: openssh-5.9_p1-r3.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.9_p1-r3.ebuild,v
retrieving revision 1.5
diff -u -r1.5 openssh-5.9_p1-r3.ebuild
--- openssh-5.9_p1-r3.ebuild    14 Dec 2011 19:52:12 -0000      1.5
+++ openssh-5.9_p1-r3.ebuild    6 Feb 2012 18:48:50 -0000
@@ -182,6 +182,7 @@
 
        # not all openssl installs support ecc, or are functional #352645
        if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
+               elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
                dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die
        fi