From nobody Mon Apr 24 14:49:43 2023
X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q4p2T3sKsz46wQN
	for <freebsd-arch@mlmmj.nyi.freebsd.org>; Mon, 24 Apr 2023 14:50:09 +0000 (UTC)
	(envelope-from dim@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Q4p2T3HLGz3qSp;
	Mon, 24 Apr 2023 14:50:09 +0000 (UTC)
	(envelope-from dim@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1682347809;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=tcTEwzrrWB4P+Mmv4PkgbZWLAjcreBun0h/1Z/My4fk=;
	b=COimbT2Q4C1h2VWEguskl8aryvm3QP/2mI/5LfnEmp4gY/FtRNpu13yT9JmM9Kj1wG9jgQ
	hIktYpXlLfLPwiZ+FwpLn9/5ClDbnRy3PbwzgDHon6LxTdKlmkalm7BXAn2TKu9CBgcW+Y
	8sinLgfghYCCbarxfNgMsX1fDBpI402ts4+jXr371rmPz6o8vublh1bQO/qpxw04BDd7bi
	DTCCoTPOCYMNVLGXrVcGLHGcs/aq8L1pXG5Tc++9eMNAi7FTVjqYuAhZB+k3uqlFAua9p5
	8MVJnJovfeAda9TDuBUluyid6itqI9GQeT/UqmP7qzXlVMchk1e0KhsBiPtCBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1682347809;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=tcTEwzrrWB4P+Mmv4PkgbZWLAjcreBun0h/1Z/My4fk=;
	b=RBnVmdtzgWQSv8o+XZgfcuyo+H1+FM6XyKWh1kqa4hz1+MRu8UYZ410+7WmKVn91OboVMv
	O5JMGAGAkunyj0xQJbBgN/V5gScYRUgsVNlTcm5tFEwXHonC/kw/RS5oFB5CJNPNVkUfe2
	Hbn+uFfiKUZhL0DJL+CRLjPZ6+N8GxGancMtwrVff9wLoDmqk+8lvSB3u3fFSLBMIOJCnn
	8ZyxhvvdnQcJHWZXoythcplIhi4baofkRaWPNUt47xCcu6SbL7ohhRZh5lLTR03k4oB/Bk
	2+KrWHtCuzouqoSJZETuPnBnaTlbqm5M4P4GDh9Q/k0e5ePO5XgvE+KOH9nCkA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1682347809; a=rsa-sha256; cv=none;
	b=IrBKwbXBAlbxPRrpa9pzjNU9qgcoLpknjHUtaMprx5l1oT0lgF1ISI0kfAQkJ3h8+qn+ge
	aiAhXZYuB/7W5iuVTbvbd4DeFsoe74fn3qfZHsK13wszUMmFQWLOAOag+xWege51rjVrw4
	Z5mYMPjNO1Ds7Hztx/FtVZqpfrUvlYzGSMQhl65TwgNz9s3OXu98kT7DJIHnSC9N5Tx0bp
	HrlvW38YMuuaSnGIVrruAgljCV9mrzcvK17luXAZIqyTukiQb33UTQNqXpDAmCbm49qQrt
	CISd8faSk5pE0QEQanECvegSeeax9t4ks0lqJERaGth6e7gA/b8wUC5qJnF34A==
Received: from tensor.andric.com (tensor.andric.com [87.251.56.140])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "tensor.andric.com", Issuer "R3" (verified OK))
	(Authenticated sender: dim)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4Q4p2T1cjdzgT8;
	Mon, 24 Apr 2023 14:50:09 +0000 (UTC)
	(envelope-from dim@FreeBSD.org)
Received: from smtpclient.apple (longrow.home.andric.com [192.168.0.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by tensor.andric.com (Postfix) with ESMTPSA id 961D634FF0;
	Mon, 24 Apr 2023 16:50:07 +0200 (CEST)
Content-Type: multipart/signed;
	boundary="Apple-Mail=_28A2C80C-3CFA-46F5-9F0C-28D749B9F214";
	protocol="application/pgp-signature";
	micalg=pgp-sha1
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
List-Help: <mailto:freebsd-arch+help@freebsd.org>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Subscribe: <mailto:freebsd-arch+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-arch+unsubscribe@freebsd.org>
Sender: owner-freebsd-arch@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\))
Subject: Re: OpenSSL in the FreeBSD base system / FreeBSD 14
From: Dimitry Andric <dim@FreeBSD.org>
In-Reply-To: <CANCZdfrr_H6AnLdw6wVhXMbwat9kT0JT1B4u0rjOP_Hfp2AX_Q@mail.gmail.com>
Date: Mon, 24 Apr 2023 16:49:43 +0200
Cc: Charlie Li <vishwin@freebsd.org>,
 Ed Maste <emaste@freebsd.org>,
 Joerg Pulz <Joerg.Pulz@frm2.tum.de>,
 freebsd-arch <freebsd-arch@freebsd.org>
Message-Id: <BC5F58E1-7B14-414F-A592-F6A75634D8DC@FreeBSD.org>
References: <CAPyFy2Afao5tnujFtwiF6avdkqAXRGDOTSq-JSCkHvvbfUvhaA@mail.gmail.com>
 <nycvar.OFS.7.77.840.2304201411080.78141@unqrf.nqzva.sez2.ghz.qr>
 <CAPyFy2DQsNLXmELTun6n590opjcAom-3MQE_jKda7AU4LdcGGg@mail.gmail.com>
 <8e00be00-e327-64d2-0018-7525a1ba6f2e@freebsd.org>
 <CANCZdfrr_H6AnLdw6wVhXMbwat9kT0JT1B4u0rjOP_Hfp2AX_Q@mail.gmail.com>
To: Warner Losh <imp@bsdimp.com>
X-Mailer: Apple Mail (2.3731.500.231)
X-ThisMailContainsUnwantedMimeParts: N


--Apple-Mail=_28A2C80C-3CFA-46F5-9F0C-28D749B9F214
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

On 24 Apr 2023, at 16:39, Warner Losh <imp@bsdimp.com> wrote:
> 
> On Mon, Apr 24, 2023, 8:33 AM Charlie Li <vishwin@freebsd.org> wrote:
> Ed Maste wrote:
> > The problem is that we have conflicting constraints: OpenSSL 1.1.1 is
> > EOL shortly after 14.0 releases, and there are ports that do not yet
> > build against OpenSSL 3. I am not sure how much will be broken if we
> > update the base system to OpenSSL 3 but leave the privatelib aside
> > (i.e., have the base system provide OpenSSL 3 to ports).
> >
> OpenSSL 3 is a major, even larger than 1.1, API/ABI change. Quite a bit
> of stuff will be broken today. The effort here has to include working
> with as many port upstreams as possible to force the issue, as they may
> not hold OpenSSL 3 compatibility to be an immediate priority; patching
> ports on a large scale like this is not sustainable.
> 
> So why can't ports like this use 1.1 as a port rather than from base?

Trouble starts when you attempt to mix openssl 1.1 and 3.0 libraries
(both dynamic and static!) in dependent ports, because symbol names will
collide.

This is not an easily solvable problem, apart from the fact that an
openssl 1.1 port would have the same basic issue that openssl 1.1 in the
base system has: it will no longer be supported (at least without paying
up) after $CUTOFF_DATE.

The rest of the open source world has exactly the same problem of
course, so either all abandoned openssl-1.x using programs have to be
completely ditched, or you have to keep openssl-1.x on life support
somehow. Guess what will happen. :)

I think it is likely that this will be a repeat of the Python 2.x
debacle, e.g. against better judgement everybody will just keep on
using the deprecated version for years, and it may never fade out
completely...

-Dimitry


--Apple-Mail=_28A2C80C-3CFA-46F5-9F0C-28D749B9F214
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.2

iF0EARECAB0WIQR6tGLSzjX8bUI5T82wXqMKLiCWowUCZEaXBwAKCRCwXqMKLiCW
oxQ1AJ9U6zTPM4/wbvC6PB/5BioVtXLEhwCeIIy/oQbAp+QxMSkN/D2JXxKBfLs=
=5xzF
-----END PGP SIGNATURE-----

--Apple-Mail=_28A2C80C-3CFA-46F5-9F0C-28D749B9F214--