Date: Thu, 25 Oct 2018 10:35:50 +0200
From: Natanael Copa
To: William Pitcock
Cc: Timo Teras, alpine-dev
Subject: Re: [alpine-devel] Re: openssl 1.1 support

On Wed, 24 Oct 2018 18:47:51 -0500 William Pitcock wrote:

...

> > There are also some patches that Fedora uses that we may want. Some of
> > Fedora's patches are for multilib and FIPS support, which I don't think
> > we care about (yet), but there are some that replace getenv() with
> > secure_getenv().
>
> I do not think musl has secure_getenv(3) yet.

We don't, but it's relatively easy to implement the same functionality:

    #include <stdlib.h>
    #include <sys/auxv.h>

    static inline char *secure_getenv(const char *name)
    {
        return getauxval(AT_SECURE) ? NULL : getenv(name);
    }

I think it may be good that we do that so that nobody gets a nasty surprise
if a suid binary is linked to openssl.

...

> > William, can you please have a look at the IRC TLS patch[4]? Is this
> > something we still want/need? If so, can you rebase it for openssl 1.1?
>
> We can drop it. IRCv3 STARTTLS has been all but deprecated.

Good.

> > Can you please also have a look at porting libtls-standalone to openssl
> > 1.1?
>
> I pushed a new libtls-standalone which builds against openssl 1.1.0 APIs.

Great! Thanks!

-nc
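
How a library would consume the shim discussed above when it reads a configuration path from the environment, as an added example that is not part of the original message or of the openssl or musl sources. The function names, the `secure` parameter (there so both branches can be exercised without a suid binary), the default path and the sample value are assumptions; `OPENSSL_CONF` is the variable OpenSSL consults for its config file.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (glibc and musl) */

/* Hypothetical built-in default, used when the environment is not trusted. */
#define DEFAULT_CONF "/etc/ssl/openssl.cnf"

/* Non-zero when the kernel marked this exec as secure: real and effective
 * ids differ (suid/sgid) or the binary carries file capabilities. */
int in_secure_exec(void)
{
	return getauxval(AT_SECURE) != 0;
}

/* Core of the shim with the mode passed in explicitly. */
char *getenv_unless_secure(const char *name, int secure)
{
	return secure ? NULL : getenv(name);
}

/* Same contract as secure_getenv(3): NULL in secure-execution mode. */
char *secure_getenv_compat(const char *name)
{
	return getenv_unless_secure(name, in_secure_exec());
}

/* Library-style lookup: honour OPENSSL_CONF only when the caller's
 * environment is trusted; an empty value counts as unset. */
const char *conf_path(int secure)
{
	const char *p = getenv_unless_secure("OPENSSL_CONF", secure);
	return (p && *p) ? p : DEFAULT_CONF;
}

int main(void)
{
	const char *raw;

	setenv("OPENSSL_CONF", "/tmp/user.cnf", 1);  /* constructed sample value */
	raw = secure_getenv_compat("OPENSSL_CONF");
	printf("normal exec : %s\n", conf_path(0));
	printf("secure exec : %s\n", conf_path(1));
	printf("this process: %s (shim returned %s)\n",
	       conf_path(in_secure_exec()), raw ? raw : "NULL");
	return 0;
}
```

Run unprivileged, the first and third lines show the caller-supplied path; the second shows what a suid process linked against the library would use instead.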