Sam Hartman <hartm...@debian.org> writes: > can we (Debian) support SSL 1.1 with Shibboleth? > That is, are the patches something you're comfortable integrating as > Debian?
I haven't seen the latest iteration of the Santuario compatibility patches yet. Judging by the earlier glimpses, they are quite big and require several memory management changes and at least one logic change. But they are backed by tests and they are the result of a big chunk of careful work. If we weren't talking about security software, I'd have no objections... If upstream released the compatible code (not the current patch set, which has divergent code paths at more places than necessary) soon, even without changing to OpenSSL 1.1, that would also help, because the compatibility defines and functions are provided by the OpenSSL porting guide and the maintenance/support areas stayed well separated for upstream and Debian. I'd still welcome reviewers, though, please don't let me do this alone. But I still think it would be better to provide libcurl4-openssl1.0-dev somehow. Curl already provides several flavours (for OpenSSL, NSS and GnuTLS), though extending this to OpenSSL 1.0 isn't readily possible because libssl1.0-dev conflicts with libssl-dev. Curl maintainers (Cc-ed), do you think you could pull this off? -- Thanks, Feri