From nobody Mon Apr 24 14:39:12 2023 X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q4np73rP9z46vhv for ; Mon, 24 Apr 2023 14:39:27 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-vk1-xa2e.google.com (mail-vk1-xa2e.google.com [IPv6:2607:f8b0:4864:20::a2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Q4np721Lhz3nrR for ; Mon, 24 Apr 2023 14:39:27 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-vk1-xa2e.google.com with SMTP id 71dfb90a1353d-44048c2de31so2827451e0c.0 for ; Mon, 24 Apr 2023 07:39:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20221208.gappssmtp.com; s=20221208; t=1682347165; x=1684939165; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=akqKJ3XnswWzxoN/mF7TCXfR1B6bzy20R/Jexb2VpZk=; b=0u68qK6KKS2XEBcIB8rmtW+u6oS9XqybgKXnu6zTzialgvi/Om3LtGV4WzTRsPedDI nOKvw221uUlI3ygsLtLbFNOFdQ/xqBb8+PbzoXwPmgpTzKXdga6QDgRxzNuOE0LR9poo sqhpkdNjahWKT7tJDCzahuKlO9qYovSQn27kk9lbPgiEuQizGjgu3fRaTIqkC4dCddu/ LHCfqZhPvvlIYmkXUqh2ksxtQOGIIcD7tqtXxHpZUndR3kZxxJCSCQnAE7tFXxtKIx6B eVNMZysNCLJ+j+Oh1Jtp6U8705to+IT3P2HhEKHmwkOu/Gq1buvfkrhSa11kDg8syTi6 YxHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682347165; x=1684939165; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=akqKJ3XnswWzxoN/mF7TCXfR1B6bzy20R/Jexb2VpZk=; b=e1WMSzOhn6G+QNkeg5Rt9aleXxy8QDsS0MzOeQ2ZxkEXy+hJuZsiNNb5GB6c5j3xR1 BBUerQqpAJaazM+xCkXgRnp7ybLeAFM8C+7v8CKUJWjTkPL5Rsotl0m8FBIdkPOwOKBq L8Bv5kYtBvKs1TmQd6kL3Ffn7ecrCP3ecJkvIbbp1Iteuwy9WbE/X0hs0kPl49VWE+36 rQUPphVfOsL6B4jxdvBL9WWQyv9IOu/wT7tcLkEwHVL1YIYyethNR+yyOqz+tR+IK1Ow D33JqOgWRjcIrqcQpYRU1YgpNHl5CixarzhAcAcDJOLVYGxe3oMLarrd7pEGEXE+mI4o ePjA== X-Gm-Message-State: AAQBX9dknx0PRLY4SqPDOdUCljpDv/oAISn++PpMpDL90OpCsx4Svqkr jNC6Fgc3zo0AGCxfEdsJjJhnjhB2x+EvppQRnLzQxw== X-Google-Smtp-Source: AKy350YOKM3E3s+dFdMO+tpdeVxtUJj7Vi17BdbA36CXtA0ylogs/0gBEOdZ0Nhv6eHHQr2+Mily4DWgwNPJ4fTNfyg= X-Received: by 2002:a1f:5ed0:0:b0:440:6152:fb75 with SMTP id s199-20020a1f5ed0000000b004406152fb75mr4394513vkb.13.1682347165473; Mon, 24 Apr 2023 07:39:25 -0700 (PDT) List-Id: Discussion related to FreeBSD architecture List-Archive: https://lists.freebsd.org/archives/freebsd-arch List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arch@freebsd.org MIME-Version: 1.0 References: <8e00be00-e327-64d2-0018-7525a1ba6f2e@freebsd.org> In-Reply-To: <8e00be00-e327-64d2-0018-7525a1ba6f2e@freebsd.org> From: Warner Losh Date: Mon, 24 Apr 2023 08:39:12 -0600 Message-ID: Subject: Re: OpenSSL in the FreeBSD base system / FreeBSD 14 To: Charlie Li Cc: Ed Maste , Joerg Pulz , freebsd-arch Content-Type: multipart/alternative; boundary="0000000000002ff4f505fa15f951" X-Rspamd-Queue-Id: 4Q4np721Lhz3nrR X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N --0000000000002ff4f505fa15f951 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Apr 24, 2023, 8:33 AM Charlie Li wrote: > Ed Maste wrote: > > The problem is that we have conflicting constraints: OpenSSL 1.1.1 is > > EOL shortly after 14.0 releases, and there are ports that do not yet > > build against OpenSSL 3. I am not sure how much will be broken if we > > update the base system to OpenSSL 3 but leave the privatelib aside > > (i.e., have the base system provide OpenSSL 3 to ports). > > > OpenSSL 3 is a major, even larger than 1.1, API/ABI change. Quite a bit > of stuff will be broken today. The effort here has to include working > with as many port upstreams as possible to force the issue, as they may > not hold OpenSSL 3 compatibility to be an immediate priority; patching > ports on a large scale like this is not sustainable. > So why can't ports like this use 1.1 as a port rather than from base? Warner --=20 > Charlie Li > =E2=80=A6nope, still don't have an exit line. > > --0000000000002ff4f505fa15f951 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Mon, Apr 24, 2023, 8:33 AM Charlie Li <vishwin@freebsd.org> wrote:
Ed Maste wrote:
> The problem is that we have conflicting constraints: OpenSSL 1.1.1 is<= br> > EOL shortly after 14.0 releases, and there are ports that do not yet > build against OpenSSL 3. I am not sure how much will be broken if we > update the base system to OpenSSL 3 but leave the privatelib aside
> (i.e., have the base system provide OpenSSL 3 to ports).
>
OpenSSL 3 is a major, even larger than 1.1, API/ABI change. Quite a bit of stuff will be broken today. The effort here has to include working
with as many port upstreams as possible to force the issue, as they may not hold OpenSSL 3 compatibility to be an immediate priority; patching
ports on a large scale like this is not sustainable.
=

So why can't ports = like this use 1.1 as a port rather than from base?
<= br>
Warner

--
Charlie Li
=E2=80=A6nope, still don't have an exit line.

--0000000000002ff4f505fa15f951--