X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45])
	by lists.alpinelinux.org (Postfix) with ESMTP id AB6E15C58BE
	for <alpine-devel@lists.alpinelinux.org>; Wed, 24 Oct 2018 23:48:03 +0000 (GMT)
Received: by mail-wr1-f45.google.com with SMTP id g9-v6so7328350wrq.4
        for <alpine-devel@lists.alpinelinux.org>; Wed, 24 Oct 2018 16:48:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=dereferenced-org.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=W1Xm5ED0VO8LL6CnZNg2JJIiSn/BLaGEVs9arrFn1KM=;
        b=YpTp/43qgDxT3mWdIfkL4yCjT7Tfg9zkg7kD/di4sMcooIsEqJir5lhCv3letpF6SA
         ARZPqKOSFHNeso051ITQvw/m3nGDtGzYnH8nh5ohGsUg9X9/UyM/zR/KMDOcc8dlvhnq
         hebGrFwQqL9Xkz4vgVIhkml6q6+NFeA5qs82jX7SYKRPOvn4yTfOKhIePbLqeHd4cDH8
         jceCLFndcuGE1BQfWCSx1b+1jv17xD61BI4K7lw8D/iqohLAJnCubW1tgikpJqoHk6Ik
         9w4sxg7sCR0cShwN5iCFcfW6lZ0/HTZh4DeU4EmXTrA0t80lvburLqk0za0t8R1E6QCy
         MyRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=W1Xm5ED0VO8LL6CnZNg2JJIiSn/BLaGEVs9arrFn1KM=;
        b=nQM1wra5nlT96t32yVrSctjaegj/E6SGgyNk/b0RksQpB9C4uDwRkXjdFAJ5IgYNaL
         VHSxdui8SVGLiOYt4ldj60/ujP+VbalOjmsIcz087wiEJAsT0P5EyKRXIh8vgZ1pBy/p
         9R0QbBKB5kwBkeM3Sdbw8/wEyZB66wh1vR7Q2a6jUKekhM7k68Upv3G9Ne0nMU5Gs4SU
         k4gHhUkiv8FIWssBmppy7rKrHSJzaT+x52hwXYAyN1OxgRGKzwjhCax53VtyEh3lByNO
         e+vNu+X72IWadX05BleRy4xztDX+Rf+16qq+LsMwsPm6vNVTfbY0IutHVEmHM81NMxoZ
         +c1A==
X-Gm-Message-State: AGRZ1gKxluEYBXruZCJVxsU7n8dmSKSrgicoAAlOHXJu6mTaVf9TCPC5
	vadrrMuoytlP8J8gP3QijDQNDISGWBbkZO9z523jsw==
X-Google-Smtp-Source: AJdET5e0N0gYShznn06rCzfvS0rjEnJhtYGRWiMUejGpMr1Oq2DNOJ2muC889v8vjHTs+3AjZpkMoM6SzEp0mh6O+IE=
X-Received: by 2002:a5d:4306:: with SMTP id h6-v6mr1853941wrq.189.1540424882786;
 Wed, 24 Oct 2018 16:48:02 -0700 (PDT)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
References: <20181024171950.2343fefd@ncopa-desktop.copa.dup.pw>
In-Reply-To: <20181024171950.2343fefd@ncopa-desktop.copa.dup.pw>
From: William Pitcock <nenolod@dereferenced.org>
Date: Wed, 24 Oct 2018 18:47:51 -0500
Message-ID: <CA+T2pCFRThvr1KgRP7cwEr6fVAOWd8Q=S6MaOYrmJRRoJKpOhQ@mail.gmail.com>
Subject: [alpine-devel] Re: openssl 1.1 support
To: Natanael Copa <ncopa@alpinelinux.org>
Cc: Timo Teras <timo.teras@iki.fi>, alpine-dev <alpine-devel@lists.alpinelinux.org>
Content-Type: text/plain; charset="UTF-8"

Hello,

On Wed, Oct 24, 2018 at 10:19 AM Natanael Copa <ncopa@alpinelinux.org> wrote:
>
> Hi Timo, William and list,
>
> I didn't remember that I already had done testing/openssl1.1 so I
> re-did the work as testing/openssl. I think I'm losing it... :-/
>
> The plan is now to merge main/openssl1.0, testing/openssl1.1 and
> testing/openssl into a single main/openssl, rebuild all packages that
> currently is linked to libssl against openssl, and finally move
> main/libressl to community/libressl.
>
> I have currently disabled weak crypto in openssl configure, I am not
> sure we need any of those, so I would appreciate some feedback there. I
> have also built it with no-async for now, but I think we may need
> enable it for nodejs.
>
> Timo, Do you think you can help with add support for openssl 1.1 to
> apk-tools? Can you also look over the patch list[1] and see if there
> are some of those patches that we need? I suspect we need
> 0004-fix-default-ca-path-for-apps.patch[2], but it would be nice if you
> can confirm that.
>
> There are also some patches that fedora uses that we may want. Some of
> fedoras patches are for multilib and FIPS support, which I don't think
> we care about (yet), but there are some that replaces getenv() with
> secure_getenv().

I do not think musl have secure_getenv(3) yet.

> I think we may want do something similar. It would be
> nice if you can help me look over their patches[3] and let me know which
> ones of them you think we should take.
>
> Timo, do you want continue be listed as the maintainer for openssl? I
> will still help with the full "world" rebuild against openssl 1.1.
>
> William, can you please have a look at the irc tls patch[4]? Is this
> something we still want/need? If so, can you rebase it for openssl 1.1?

We can drop it.  IRCv3 STARTTLS has been all but deprecated.

> Can you please also have a look at porting libtls-standalone to openssl
> 1.1?

I pushed a new libtls-standalone which builds against openssl 1.1.0 APIs.

William

William


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---