Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation

From: William Pitcock <>
Date: Sat, 10 Feb 2018 08:24:56 -0600


On Sat, Feb 10, 2018 at 8:01 AM, Kevin Chadwick <> wrote:
> On Sat, 10 Feb 2018 07:40:28 -0600
>> >
>> >
>> > I use long long/uint64_t on my embedded development and don't build
>> > for Linux so personally I don't understand especially with
>> This mailing list is for the discussion of Alpine Linux, not OpenBSD.
>> It appears you do not use Alpine nor develop Alpine, so why exactly
>> are you here?
> That link talks about TAI64N not being in the standards which you
> raised as an issue for Alpine?

I did not say that TAI64N is part of the TLS standard; I said that it
was a portable way to hold a date that ensures Y2038 safety.

I said that OpenSSL uses TAI64N-like date calculations to ensure Y2038
safety, which it does.

I also said that OpenBSD uses a 64-bit time_t to ensure Y2038 safety
on OpenBSD, which it does.

I also said that Alpine uses a 32-bit time_t on 32-bit systems, which
is not Y2038 safe, which it does.

Natanael pointed out a workaround that LibreSSL did, that tests the
32-bit time_t for overflow and then accepts the certificate as valid
if it did, which is still not Y2038 safe, still completely missing the
point, still dodgy, and arguably an actual security vulnerability. In
other words, it got WORSE, not BETTER.

At no time did I say that LibreSSL was unsafe on OpenBSD 32-bit, in
fact, I explicitly said "OpenBSD uses a 64-bit time_t which is good

> I was trying to help.
> I dabbled with Alpine for a few use cases and really like it. I have
> respect for Natanael and recommend Alpine where OpenBSD does not suit
> which isn't many cases. I am also subscribed to hardened Gentoo out of
> interest.
>> For anyone else wanting to killfile this troll, note he also posts
>> from a domain.
> I regret saying you may have an agenda and apologise for it looking
> back if that is what you mean by trolling.

My only agenda is to make sure that programs stuck with the dumpster
fire known as OpenSSL have an implementation that works CORRECTLY and
SAFELY for the people using it on 32-bit systems. It certainly is not
to promote the use of OpenSSL; if you got that idea, you have a
serious misunderstanding of my position regarding both LibreSSL and
OpenSSL: they're both garbage, and programs should use neither.

> On reflection your original email was mainly vexing for the "proper"
> and as I feel I have demonstrated (by standing on peers' shoulders),
> largely incorrect.

You have demonstrated nothing.

Instead, you cross-post my mail, and that of several other people, out
of context, to openbsd-misc and therefore invite a bunch of people to
troll privately.

> I have no trolling intentions and have not used yahoo for many years?

If this is not about trolling, then Iran-Contra wasn't about weapons
for hostages.

Killfiled for real this time.
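
The three behaviours contrasted in the message above (a wrapping 32-bit time_t, a check that accepts a certificate when its expiry does not fit, and a 64-bit date calculation), as an added example that is not part of the original e-mail and is not OpenSSL or LibreSSL code. Function names and dates are constructed for illustration, and the 32-bit time_t is modelled with an integer cast.

```c
#include <stdint.h>
#include <stdio.h>

/* Days since 1970-01-01 for a Gregorian UTC date, computed entirely in 64-bit. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Seconds since the epoch as a 64-bit value: no Y2038 limit. */
int64_t utc_to_epoch64(int y, int mo, int d, int h, int mi, int s) {
    return days_from_civil(y, mo, d) * 86400 + h * 3600LL + mi * 60 + s;
}

/* Model of a 32-bit time_t: values past 2038-01-19 03:14:07 UTC wrap
 * (the cast wraps on common two's-complement compilers). */
int32_t as_time32(int64_t t) { return (int32_t)(uint32_t)(uint64_t)t; }

/* Naive 32-bit comparison: a wrapped notAfter looks like a date in the past. */
int expired_naive32(int64_t not_after, int64_t now) {
    return as_time32(now) > as_time32(not_after);
}

/* Fail-open pattern as described in the message (illustrative model only):
 * if notAfter does not fit, treat the certificate as valid without comparing. */
int expired_fail_open32(int64_t not_after, int64_t now) {
    if (not_after > INT32_MAX) return 0;
    return as_time32(now) > as_time32(not_after);
}

/* 64-bit comparison: the only variant that actually compares the two dates. */
int expired_64(int64_t not_after, int64_t now) { return now > not_after; }

int main(void) {
    int64_t na = utc_to_epoch64(2040, 1, 1, 0, 0, 0);    /* constructed notAfter */
    int64_t y2030 = utc_to_epoch64(2030, 1, 1, 0, 0, 0); /* constructed clock values */
    int64_t y2041 = utc_to_epoch64(2041, 1, 1, 0, 0, 0);
    printf("notAfter as 64-bit: %lld, as 32-bit: %d\n", (long long)na, (int)as_time32(na));
    printf("clock 2030: naive32=%d fail_open32=%d check64=%d\n",
           expired_naive32(na, y2030), expired_fail_open32(na, y2030), expired_64(na, y2030));
    printf("clock 2041: fail_open32=%d check64=%d\n",
           expired_fail_open32(na, y2041), expired_64(na, y2041));
    return 0;
}
```

The naive check rejects a certificate that is still valid in 2030, the fail-open check never reports the 2040 certificate as expired, and only the 64-bit check is right for both clock values.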


