Source: cl-plus-ssl Version: 20170630-1 Severity: serious Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Control: block 871056 by -1
Please migrate to libssl-dev in the Buster cycle. I am very sorry for this late report but this package was never on my list. It slipped because it never B-D on libssl1.0-dev and it builds perfectly fine against libssl1.1. I have actually no idea why the package in archive links against libssl1.0.2 because it B-D on libssl-dev and if I rebuild then it depends on libssl1.1 instead. If you move torvards libssl1.1 you should make sure it loads libssl1.1 and not "just" libssl1.0.2. Function wise: SSL_library_init() and a few other macros towards "OPENSSL_init_ssl(0, NULL)" so "normal" C will work but if nim is accessing the functions directly then it will fail. SSLv23_client_method() and friends are also macros. 1.1 Code should use TLS_client_method() instead. Functions like TLSv1_method() should be avoided because they give you _only_ TLSv1 and _never_ TLSv1.1, and/or TLSv1.2 like SSLv23_client_method(). If you want to exclude a certain TLS version you should use something like SSL_OP_NO_TLSv1 to disable TLSv1 only (and keep other version like v1.1 and v1.2 around). Data strucures. All structures are opaque and you need to tell libssl to allocate it and free it (especially in crypto code). I can't tell if you dereference them, I can't read lisp. A larger collection of what changed in OpenSSL 1.0.2->1.1 is at https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes Sebastian