Mail archive

[alpine-devel] openssl 1.1 support

From: Natanael Copa <>
Date: Wed, 24 Oct 2018 17:19:50 +0200

Hi Timo, William and list,

I didn't remember that I already had done testing/openssl1.1 so I
re-did the work as testing/openssl. I think I'm losing it... :-/

The plan is now to merge main/openssl1.0, testing/openssl1.1 and
testing/openssl into a single main/openssl, rebuild all packages that
currently is linked to libssl against openssl, and finally move
main/libressl to community/libressl.

I have currently disabled weak crypto in openssl configure, I am not
sure we need any of those, so I would appreciate some feedback there. I
have also built it with no-async for now, but I think we may need
enable it for nodejs.

Timo, Do you think you can help with add support for openssl 1.1 to
apk-tools? Can you also look over the patch list[1] and see if there
are some of those patches that we need? I suspect we need
0004-fix-default-ca-path-for-apps.patch[2], but it would be nice if you
can confirm that.

There are also some patches that fedora uses that we may want. Some of
fedoras patches are for multilib and FIPS support, which I don't think
we care about (yet), but there are some that replaces getenv() with
secure_getenv(). I think we may want do something similar. It would be
nice if you can help me look over their patches[3] and let me know which
ones of them you think we should take.

Timo, do you want continue be listed as the maintainer for openssl? I
will still help with the full "world" rebuild against openssl 1.1.

William, can you please have a look at the irc tls patch[4]? Is this
something we still want/need? If so, can you rebase it for openssl 1.1?

Can you please also have a look at porting libtls-standalone to openssl




Received on Wed Oct 24 2018 - 17:19:50 UTC