[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssl 1.1.1 in stretch backports?

On Fri, Jan 11, 2019 at 01:56:35PM +0100, Harald Dunkel wrote:
> On 1/11/19 11:46 AM, Simon McVittie wrote:
> > 
> > OpenSSL 1.1.0 and 1.1.1 both build libssl.so.1.1; so, no, they cannot
> > be parallel-installed. If there was a backport of openssl 1.1.1 it would
> > replace 1.1.0.

I suppose it could use a "shlib_variant" customization string to present as
adifferent library that would need to be explicitly requested by consumers.
Which would be fairly lousy for other software in -backports, I suppose,
but could have some utility for some people.

> >      smcv
> > 
> 
> Is it possible to use openssl 1.1.1 as a drop-in replacement for
> 1.1.0?

Well ... mostly.  It's *supposed* to be, but there are some places where
behavior had to change to get TLS 1.3 support, and some of those changes
are on the boundary of "breaks functioning code" and "your code was doing
unsupported/undocumented things".  (Unfortunately, I don't have any
examples off the top of my head.)

-Ben
Reply to: