On Sun, Jun 12, 2016 at 7:19 PM, Antti Kantee <[email protected]> wrote: > On 12/06/16 13:20, Neeraj Sharma wrote: >>> >>> It's good to provide openssl as an alternative. That said, it would be >>> nice >>> if it actually were an actual alternative instead of "one works with some >>> but not others". So, I'd appreciate some sort of [quick] >>> analysis/writeup >>> on why libressl wouldn't work with Erlang, along with reporting the >>> findings >>> to the right upstream community. >>> >> >> I agree. That would be the right thing to do, but it'll be a lot more >> work than what I can do right now. Parking it for future. >> Additionally, I have a build working with openssl v1.0.1j with a >> typical configuration which I've had past experience with. Is there >> any specific version anyone prefers? Although I can submit the >> existing work for starters and then plan any update what so ever. > > > Well, either you know why libressl won't work with Erlang, or you don't have > a problem. Someone who was once reading a draft of mine gave me a valuable > tip: "if you have evidence, present it. otherwise, shut up". >
The tip is indeed valuable so I'll "shut up" and only say that I was lazy to not use libressl and try it out with Erlang after all :) > I'll assume 1.0.1j is some sort of typo. The only acceptable version of > openssl ever is the very latest stable (cf. original motivation for moving > it into packages). Yes. Its 1.0.1t but 1.0.1 has end-of-life this year, so we should go to 1.0.2 but then I haven't used it in the past. I believe given the rev there should not be an api changes so using that would not be an issue. > > Assuming there indeed is a problem with libressl & Erlang, and you have the > openssl build figured out, seems like the best option is to add openssl and > remove libressl. > Yes. The Erlang build is happy with my latest changes with openssl. BTW I wonder the advantages of one versus the other because I have never used libressl in the past. > That said, openssl needs to be reasonably easy to update, given that it > needs to be updated often. > I believe that should not be much of an issue although there is some trickiness of picking a target within openssl build and again my laziness prevails and I fall back to BSD-generic32 instead of trying to figure out best way forward for arm builds. Let me just push the changes (which will show what I mean) and since libressl is default anyways so unless someone changes config.mk manually things remain as-is. -Neeraj
