Stefan Fritsch <s...@debian.org> writes: > I must admit that I did not think of php when doing that change, sorry.
> On the other hand, shibboleth-sp2 also build-depends on apache2-dev and there > have been some indications that shibboleth won't be switching to openssl 1.1 > for stretch. See https://lists.debian.org/debian-release/2016/11/msg00024.html It turns out that Shibboleth will be okay if Apache goes to 1.1. The Shibboleth code that goes into Apache is isolated from the OpenSSL use inside Shibboleth, so we can keep building Shibboleth against 1.0 and Apache can go to 1.1 and all the pieces are happy. (The OpenSSL work is done in a separate daemon, shibd, that the Apache module talks to.) (Not that this solves all the problems, but just FYI.) -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>