On 04/09/2018 09:47 AM, Richard Melville wrote:
On 7 April 2018 at 23:48, Tim Tassonis <st...@decentral.ch> wrote:

    On 04/08/2018 12:42 AM, Bruce Dubbs wrote:

        It's disturbing that openssh still requires a 60K patch to build
        with openssl-1.1.0.  openssl-1.1.0 has been in release since
        August 2916.


    I guess that's probably because they just concentrate on their own
    libressl.


Which is why I suggested, a long time ago, that we replace openssl with libressl.  I use it and have had no issues.


Tricky situation, I think. On one hand, it's a very good thing of lfs/blfs to usually quickly follow upstream on new versions.

In the openssl case, they went for an api change with 1.1, and quite a few dependent packages did not (yet) follow, as dropping 1.0 support would break compatibility with libressl, as libressl does not seem to prioritize 1.1 support. I just looked at libressl's release notes for their latest 2.7.2 release:

 * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
   observations of real-world usage in applications. These are
   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
   changes have not been made to existing structs, allowing code written
   for older OpenSSL APIs to continue working.


This translates to me that full openssl 1.1 compatibility is not high on libressl's priority list, and so it looks like the situation with openssh will also not change in the near future.

Richard


