[alpine-devel] Re: openssl 1.1 support

From: William Pitcock <nenolod_at_dereferenced.org>
Date: Wed, 24 Oct 2018 18:47:51 -0500

Hello,

On Wed, Oct 24, 2018 at 10:19 AM Natanael Copa <ncopa_at_alpinelinux.org> wrote:
>
> Hi Timo, William and list,
>
> I didn't remember that I already had done testing/openssl1.1 so I
> re-did the work as testing/openssl. I think I'm losing it... :-/
>
> The plan is now to merge main/openssl1.0, testing/openssl1.1 and
> testing/openssl into a single main/openssl, rebuild all packages that
> currently are linked to libssl against openssl, and finally move
> main/libressl to community/libressl.
>
> I have currently disabled weak crypto in openssl configure, I am not
> sure we need any of those, so I would appreciate some feedback there. I
> have also built it with no-async for now, but I think we may need to
> enable it for nodejs.
>
> Timo, do you think you can help with adding support for openssl 1.1 to
> apk-tools? Can you also look over the patch list[1] and see if there
> are some of those patches that we need? I suspect we need
> 0004-fix-default-ca-path-for-apps.patch[2], but it would be nice if you
> can confirm that.
>
> There are also some patches that Fedora uses that we may want. Some of
> Fedora's patches are for multilib and FIPS support, which I don't think
> we care about (yet), but there are some that replace getenv() with
> secure_getenv().

I do not think musl has secure_getenv(3) yet.

> I think we may want to do something similar. It would be
> nice if you can help me look over their patches[3] and let me know which
> ones of them you think we should take.
>
> Timo, do you want to continue to be listed as the maintainer for openssl? I
> will still help with the full "world" rebuild against openssl 1.1.
>
> William, can you please have a look at the irc tls patch[4]? Is this
> something we still want/need? If so, can you rebase it for openssl 1.1?

We can drop it. IRCv3 STARTTLS has been all but deprecated.

> Can you please also have a look at porting libtls-standalone to openssl
> 1.1?

I pushed a new libtls-standalone which builds against openssl 1.1.0 APIs.

William

Received on Wed Oct 24 2018 - 18:47:51 GMT
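
The getenv()-to-secure_getenv() replacement discussed in the message, sketched as a fallback for a libc that lacks secure_getenv(3). This is an added example, not code from the message or from the Fedora or Alpine patches; the function names `compat_secure_getenv` and `getenv_unless_secure` and the sample path are assumptions, and it relies on Linux's getauxval(AT_SECURE).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE     /* for setenv() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (Linux; glibc and musl) */

/*
 * Hypothetical helper: the policy on its own, with the AT_SECURE value
 * passed in so both branches can be exercised without a setuid binary.
 * The kernel sets AT_SECURE to non-zero when the process runs with
 * elevated privilege (setuid/setgid, file capabilities, LSM transition),
 * i.e. when the environment comes from a less-privileged caller.
 */
const char *getenv_unless_secure(const char *name, unsigned long at_secure)
{
    if (at_secure != 0)
        return NULL;            /* behave as if the variable were unset */
    return getenv(name);
}

/*
 * Hypothetical drop-in with the same contract as secure_getenv(3):
 * returns NULL in secure-execution mode, getenv(name) otherwise.
 */
const char *compat_secure_getenv(const char *name)
{
    return getenv_unless_secure(name, getauxval(AT_SECURE));
}

int main(void)
{
    /* Constructed sample value; OPENSSL_CONF names OpenSSL's config file. */
    setenv("OPENSSL_CONF", "/tmp/constructed-openssl.cnf", 1);

    const char *normal = getenv_unless_secure("OPENSSL_CONF", 0);
    const char *secure = getenv_unless_secure("OPENSSL_CONF", 1);
    const char *actual = compat_secure_getenv("OPENSSL_CONF");

    printf("AT_SECURE=0 : %s\n", normal ? normal : "(ignored)");
    printf("AT_SECURE=1 : %s\n", secure ? secure : "(ignored)");
    printf("this process: %s\n", actual ? actual : "(ignored)");
    return 0;
}
```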