Date: Wed, 24 Oct 2018 17:19:50 +0200
From: Natanael Copa
To: Timo Teräs, William Pitcock
Cc: Alpine Development
Subject: [alpine-devel] openssl 1.1 support

Hi Timo, William and list,

I didn't remember that I already had done testing/openssl1.1 so I re-did the work as testing/openssl. I think I'm losing it... :-/

The plan is now to merge main/openssl1.0, testing/openssl1.1 and testing/openssl into a single main/openssl, rebuild all packages that currently are linked to libssl against openssl, and finally move main/libressl to community/libressl.

I have currently disabled weak crypto in openssl configure. I am not sure we need any of those, so I would appreciate some feedback there. I have also built it with no-async for now, but I think we may need to enable it for nodejs.

Timo,

Do you think you can help with adding support for openssl 1.1 to apk-tools?
Can you also look over the patch list[1] and see if there are some of those patches that we need? I suspect we need 0004-fix-default-ca-path-for-apps.patch[2], but it would be nice if you can confirm that.

There are also some patches that Fedora uses that we may want. Some of Fedora's patches are for multilib and FIPS support, which I don't think we care about (yet), but there are some that replace getenv() with secure_getenv(). I think we may want to do something similar. It would be nice if you can help me look over their patches[3] and let me know which ones of them you think we should take.

Timo, do you want to continue to be listed as the maintainer for openssl? I will still help with the full "world" rebuild against openssl 1.1.

William, can you please have a look at the irc tls patch[4]? Is this something we still want/need? If so, can you rebase it for openssl 1.1?

Can you please also have a look at porting libtls-standalone to openssl 1.1?

Thanks!

-nc

[1]: https://git.alpinelinux.org/cgit/aports/tree/main/openssl1.0/
[2]: https://git.alpinelinux.org/cgit/aports/tree/main/openssl1.0/0004-fix-default-ca-path-for-apps.patch
[3]: https://src.fedoraproject.org/cgit/rpms/openssl.git/tree/
[4]: https://git.alpinelinux.org/cgit/aports/tree/main/openssl1.0/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch