Date: Mon, 24 Apr 2023 08:39:12 -0600
From: Warner Losh <imp@bsdimp.com>
To: Charlie Li <vishwin@freebsd.org>
Cc: Ed Maste <emaste@freebsd.org>, Joerg Pulz <Joerg.Pulz@frm2.tum.de>, freebsd-arch <freebsd-arch@freebsd.org>
Subject: Re: OpenSSL in the FreeBSD base system / FreeBSD 14
Message-ID: <CANCZdfrr_H6AnLdw6wVhXMbwat9kT0JT1B4u0rjOP_Hfp2AX_Q@mail.gmail.com>
In-Reply-To: <8e00be00-e327-64d2-0018-7525a1ba6f2e@freebsd.org>
References: <CAPyFy2Afao5tnujFtwiF6avdkqAXRGDOTSq-JSCkHvvbfUvhaA@mail.gmail.com>
 <nycvar.OFS.7.77.840.2304201411080.78141@unqrf.nqzva.sez2.ghz.qr>
 <CAPyFy2DQsNLXmELTun6n590opjcAom-3MQE_jKda7AU4LdcGGg@mail.gmail.com>
 <8e00be00-e327-64d2-0018-7525a1ba6f2e@freebsd.org>

On Mon, Apr 24, 2023, 8:33 AM Charlie Li <vishwin@freebsd.org> wrote:

> Ed Maste wrote:
> > The problem is that we have conflicting constraints: OpenSSL 1.1.1 is
> > EOL shortly after 14.0 releases, and there are ports that do not yet
> > build against OpenSSL 3. I am not sure how much will be broken if we
> > update the base system to OpenSSL 3 but leave the privatelib aside
> > (i.e., have the base system provide OpenSSL 3 to ports).
> >
> OpenSSL 3 is a major, even larger than 1.1, API/ABI change. Quite a bit
> of stuff will be broken today. The effort here has to include working
> with as many port upstreams as possible to force the issue, as they may
> not hold OpenSSL 3 compatibility to be an immediate priority; patching
> ports on a large scale like this is not sustainable.
>

So why can't ports like this use 1.1 as a port rather than from base?

Warner

> --
> Charlie Li
> …nope, still don't have an exit line.