On 2018-11-15 09:34, Jean-Marc Pigeon via blfs-dev wrote:
Hello,
On 11/15/2018 10:04 AM, Stephen Berman wrote:
[....]
Trouble ahead compiling sendmail (and other?)
using openssl-1.1.1?
Comments? Something I am overlooking?
I don't think so but do try to compile sendmail with openssl-1.0.2p.
I'm pretty sure it will work fine :)
No.
I am very doubtful you can have both openssl-1.0.2p and openssl-1.1.1
within the same system.
I can dispel your doubts. As I reported in response to your OP (see
http://lists.linuxfromscratch.org/pipermail/blfs-dev/2018-November/035071.html),
I have built and use sendmail in BLFS 8.3, i.e. sendmail-8.15 with
openssl-1.0.2p. I've also installed openssl-1.1.1. I've noticed no
problems.
(My reply also went to [email protected] but it bounced, so if Jean-Marc
is not following the list, he'll have missed it; perhaps someone can
point him to the list archive.)
Steve Berman
Ok...
Hmmm, rather reluctant to have 2 libraries named openssl
and as critical to applications.
Meaning (let's say) sendmail is using openssl-1.0 and
openssh using openssl-1.1 within the same packaging
set. As you don't know which application is using
what, difficult to assess a library bug impact on
application.
According to my understanding, openssl-1.0 won't be
"alive" after 2019 (one year from now).
Better to move to openssl-1.1, no?
A year is a long time for things to change.
Some applications still don't support the API and ABI changes that
OpenSSL made with little notice to downstreams yet. It takes time for
things to move. Sendmail isn't the only package in the book that
requires a patch for this. Some others include liboauth and cyrus-sasl
(IIRC), and the liboauth patch already needs updating.
Our instructions for the openssl-1.0 API make it so that we only install
the headers and libraries, and we do so in a separate location from
where the standard libraries would be installed. We solve this problem
by installing symbolic links to the older versions of the libraries that
*only* use 1.0.0 at the end for the version, so that they do not
conflict with the newer version. As I said before, we only install the
headers and libraries, it's safe. We also modify the pkg-config .pc
files to report /usr/include/openssl-1.0 instead of /usr/include to
prevent clobbering of the new version. Since we don't install any
executables, it makes that easy too.
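The thread raises the problem of not knowing which application uses which OpenSSL; because the parallel install described in the last reply keeps the older libraries under the 1.0.0 version suffix, that can be checked per binary. The script below is an added example, not part of the original messages or of the BLFS book; it assumes `readelf` from binutils and the sonames `libssl.so.1.0.0`/`libcrypto.so.1.0.0` and `libssl.so.1.1`/`libcrypto.so.1.1`, and the sample `readelf` lines in it are constructed.

```shell
#!/bin/sh
# Added example: report which executables link the openssl-1.0 compat
# libraries and which link openssl-1.1, using direct DT_NEEDED entries only.

# Read `readelf -d` output on stdin; print 1.0, 1.1, both or none.
classify_needed() {
    awk '
        /\(NEEDED\)/ && /\[lib(ssl|crypto)\.so\.1\.0\.0\]/ { v10 = 1 }
        /\(NEEDED\)/ && /\[lib(ssl|crypto)\.so\.1\.1\]/    { v11 = 1 }
        END {
            if (v10 && v11) print "both"
            else if (v10)   print "1.0"
            else if (v11)   print "1.1"
            else            print "none"
        }'
}

# Walk the given directories and list every executable that needs OpenSSL.
audit_dirs() {
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            verdict=$(readelf -d "$f" 2>/dev/null | classify_needed)
            [ "$verdict" = none ] || printf '%s\t%s\n' "$verdict" "$f"
        done
    done
}

# Constructed readelf -d excerpts (not taken from a real system).
sample_old() {
    printf '%s\n' \
        ' 0x0000000000000001 (NEEDED)  Shared library: [libssl.so.1.0.0]' \
        ' 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.0.0]' \
        ' 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'
}
sample_new() {
    printf '%s\n' \
        ' 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.1]' \
        ' 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'
}
sample_mixed() {
    printf '%s\n' \
        ' 0x0000000000000001 (NEEDED)  Shared library: [libssl.so.1.0.0]' \
        ' 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.1.1]'
}

# Usage: sh audit-openssl.sh /usr/bin /usr/sbin
[ "$#" -eq 0 ] || audit_dirs "$@"
```

The output is a tab-separated list of verdict and path, so when an advisory lands against one branch the affected binaries can be picked out with a single `grep`. Libraries pulled in indirectly through another shared object are not covered, since only direct dependencies are read.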