Mail archive

Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation

From: A. Wilcox <>
Date: Thu, 8 Feb 2018 12:09:38 -0600

On 02/08/18 11:23, William Pitcock wrote:
> openssl 1.1 has a different situation: Akamai and the Core
> Infrastructure Initiative have come together to sponsor development
> and maintenance of openssl since we switched, which means that there's
> higher quality maintenance occuring now.

This is good to hear, I didn't know about Akamai's involvement.

> They are also working on a
> relicensing process, much like the libressl guys are doing, which has
> a larger scope[1].

That would be a boon; I wish them all the best in their efforts.

> Meanwhile, the libressl guys have been removing
> functionality we depend on, such as support for hardware accelerators
> (ENGINE apis), switching from 64-bit TAIN date calculations to time_t
> (because time_t is good enough on OpenBSD) and dropping openssl 1.0.1
> APIs they see as unsuitable.
> libressl promised to retain compatibility with 1.0.1g APIs, but has
> failed to do so. As such, there is an increasing workload to keep
> packages compatible with libressl as it evolves.

These have all caused a number of problems trying to run certain
packages on Alpine. For example, since python -dev requires
libressl-dev, you can't build Python packages that require OpenSSL. Not
to mention the fact that LibreSSL just plain doesn't work on Adélie's
32-bit PowerPC and x86 ports.

> Therefore, it is
> obviously not truly a suitable provider for the openssl package, and
> we should switch back to proper openssl as the default. We will
> however retain libressl for packages which require it (for example,
> ones using the new libtls APIs).


> [1]:

One question I do have is: is there a way to disable the OpenSSL
compatibility in LibreSSL? It would be good for packages that require
LibreSSL (libressl-dev) to be buildable even if openssl-dev is installed
(preventing something like the above Python situation).

Best regards,

A. Wilcox (awilfox)
Project Lead, Adélie Linux

Received on Thu Feb 08 2018 - 12:09:38 UTC