Bug#828236: [Pkg-openssl-devel] Bug#844160: openssl 1.1 and apache2
On Friday, 18 November 2016 01:09:53 CET Adrian Bunk wrote:
> On Thu, Nov 17, 2016 at 11:18:57PM +0100, Stefan Fritsch wrote:
> > On Thursday, 17 November 2016 21:39:19 CET Kurt Roeckx wrote:
> > > > That header was created for mod_ssl_ct which provides support for
> > > > certificate transparency. It's quite new and likely that nothing else
> > > > uses the header. It would probably be acceptable to remove the
> > > > dependency
> > > > in apache2-dev on libssl-dev and add a caveat to the README.Debian. I
> > > > could also not install the header, or put it into a separate new
> > > > package
> > > > that depends on libssl-dev.
> > >
> > > So can you confirm that the only reason for the libssl-dev
> > > depedency is that file?
> >
> > Yes.
>
> What does create the dependency in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828330#16
> ?
By including its own copy of ssl_private.h from the apache source (not
installed in apache2-dev). Urgh.
/*
* After 2.0.49, Apache mod_ssl has most of the mod_ssl structures defined
* in ssl_private.h, which is not installed along with httpd-devel (eg in
* the FC2 RPM.) This include file provides SIMPLIFIED structures for use
* by mod_gridsite: for example, pointers to unused structures are replaced
* by void * and some of the structures are truncated when only the early
* members are used.
*
* CLEARLY, THIS WILL BREAK IF THERE ARE MAJOR CHANGES TO ssl_private.h!!!
*/
That's very ugly. So, not installing mod_ssl_openssl.h or a caveat in
README.Debian would not help.
But putting it into a separate apache2-mod_ssl-dev package with the proper
mod_ssl dependency would still work. gridsite would then need to build-dep on
that package and (AFAICS) php does not do the same ugly tricks and would be
unaffected by the dependency on libssl1.0-dev.
Reply to: