On Mon, Apr 04 2016 22:15:12 +0100, Peter Tribble wrote:
> On Thu, Mar 31, 2016 at 3:40 PM, Dan McDonald <dan...@omniti.com> wrote:
>
> > I'm starting this thread to hear what the community has to say about where
> > OmniOS should go w.r.t. its OpenSSL release. I have internal customers
> > too, of course, but I'll engage them separately. We need to have an
> > OpenSSL because illumos requires one. We *could* do the SmartOS thing and
> > keep our own SUNW/OMNI*...() api set, though.
>
> They have to play those games because they ship 2 different openssl
> instances, though. (One with the platform, one via pkgsrc or whatever.)
> If you hide the internal copy, you still have to manage (or someone does,
> at any rate) compatibility and releases of the public copy. The problem
> doesn't go away, you just sweep it under someone else's carpet.

Here's another viewpoint though: I would like to choose the SSL implementation used in my application stack, so I want this problem under my carpet. Not just because I believe it has security benefits (eg. getting ssl2 *actually* disabled; it couldn't be disabled in the OmniOS shipped OpenSSL because that broke binary compatibility), but also because my SSL library of choice ships a sane API (libtls [0]). If OmniOS keeps shipping OpenSSL as a mandatory component *without* changing its symbol names, I can't do what I want in my application stack.

> Users will have binaries linked against the existing openssl libraries, and
> those need to continue to run.

OmniOS has removed (ie. stopped shipping) some other libraries in the past [1], but I understand the OpenSSL story might be a little different. Perhaps there's a middle ground here though: it seems like you and I would both be happy if OmniOS kept shipping OpenSSL, but made it optional (although then obviously it would have to have another copy with mangled symbol names for the things illumos needs it for).

[0]: http://man.openbsd.org/OpenBSD-current/man3/tls_accept_fds.3
[1]: eg. 151006 removed several libraries, including libgnutls and libgcrypt.
     http://omnios.omniti.com/wiki.php/ReleaseNotes/r151006

-- 
Lauri Tirkkonen | lotheac @ IRCnet
_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss