On Wed, Nov 16, 2016 at 08:36:49PM +0100, Kurt Roeckx wrote: > On Mon, Nov 14, 2016 at 03:06:44PM -0800, Russ Allbery wrote: > > Stefan Fritsch <s...@debian.org> writes: > > > > > I must admit that I did not think of php when doing that change, sorry. > > > > > On the other hand, shibboleth-sp2 also build-depends on apache2-dev and > > > there > > > have been some indications that shibboleth won't be switching to openssl > > > 1.1 > > > for stretch. See > > > https://lists.debian.org/debian-release/2016/11/msg00024.html > > > > It turns out that Shibboleth will be okay if Apache goes to 1.1. The > > Shibboleth code that goes into Apache is isolated from the OpenSSL use > > inside Shibboleth, so we can keep building Shibboleth against 1.0 and > > Apache can go to 1.1 and all the pieces are happy. (The OpenSSL work is > > done in a separate daemon, shibd, that the Apache module talks to.) > > So I looked at apache2-dev to see why it depends on libssl-dev. > The only thing I can find is that mod_ssl_openssl.h provides some > hooks, and you actually get SSL_CTX * and SSL * in there. But > nothing in Debian seems to include that file.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828330#16 Where is that dependency on the same OpenSSL version coming from? > Kurt cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed