[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL 1.1.0

Ondřej Surý <ondrej@sury.org> writes:

> And this is happening all over places (apache2 vs php7.0) - I don't
> think we can have a partial transition. It's now all or nothing.

xml-security-c has not yet been ported to OpenSSL 1.1 upstream (which is
non-trivial), and we're now at an impasse in the Shibboleth suite because
cURL is using 1.1, but xml-security-c and Apache both need 1.0.

I agree with Ondřej: the current transition state is not releasable.  We
need to figure out something else.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: