Re: [alpine-devel] Re: openssl 1.1 support

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 25 Oct 2018 10:35:50 +0200

On Wed, 24 Oct 2018 18:47:51 -0500
William Pitcock <nenolod_at_dereferenced.org> wrote:

...

> > There are also some patches that Fedora uses that we may want. Some of
> > Fedora's patches are for multilib and FIPS support, which I don't think
> > we care about (yet), but there are some that replace getenv() with
> > secure_getenv().
>
> I do not think musl has secure_getenv(3) yet.

We don't, but it's relatively easy to implement the same functionality:

#include <stdlib.h>
#include <sys/auxv.h>

static inline char *secure_getenv(const char *name) {
        return getauxval(AT_SECURE) ? NULL : getenv(name);
}

I think it may be good that we do that so that nobody gets a nasty
surprise if a suid binary is linked to openssl.

...

> > William, can you please have a look at the irc tls patch[4]? Is this
> > something we still want/need? If so, can you rebase it for openssl 1.1?
>
> We can drop it. IRCv3 STARTTLS has been all but deprecated.

Good.

> > Can you please also have a look at porting libtls-standalone to openssl
> > 1.1?
>
> I pushed a new libtls-standalone which builds against openssl 1.1.0 APIs.

Great! thanks!

-nc


Received on Thu Oct 25 2018 - 10:35:50 GMT
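
The AT_SECURE check discussed in the message above, expanded into an added example that is not part of the original mail or of any Alpine, musl or OpenSSL code. It fails closed when the auxiliary vector has no AT_SECURE entry, because getauxval() returning 0 alone cannot distinguish "not secure" from "not found". The names compat_secure_getenv, process_is_secure, getenv_gated, config_path, EXAMPLE_CONF and the file paths are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

/* Returns 1 when the process runs in "secure execution" mode
 * (setuid, setgid or file capabilities), 0 otherwise. */
int process_is_secure(void)
{
    errno = 0;
    if (getauxval(AT_SECURE) != 0)
        return 1;
    /* getauxval() returns 0 both for "AT_SECURE is 0" and "no such entry";
     * glibc and musl set errno to ENOENT in the latter case. Fall back to
     * comparing real and effective ids instead of assuming "not secure". */
    if (errno == ENOENT)
        return geteuid() != getuid() || getegid() != getgid();
    return 0;
}

/* Core of the check with the flag passed in, so both branches can be
 * exercised without installing a setuid binary. */
char *getenv_gated(const char *name, int secure)
{
    return secure ? NULL : getenv(name);
}

/* Drop-in stand-in for secure_getenv(3) on a libc that lacks it. */
char *compat_secure_getenv(const char *name)
{
    return getenv_gated(name, process_is_secure());
}

/* Hypothetical library code: an environment override for a config file
 * is honoured only when the process is not privileged. */
const char *config_path(int secure)
{
    const char *p = getenv_gated("EXAMPLE_CONF", secure);
    return p ? p : "/etc/example/example.cnf";
}

int main(void)
{
    setenv("EXAMPLE_CONF", "/tmp/override.cnf", 1); /* constructed sample value */
    printf("unprivileged: %s\n", config_path(0));
    printf("privileged:   %s\n", config_path(1));
    return 0;
}
```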