Hi, On 19.11.2016 23:07, Marco d'Itri wrote: >> plugin messes with those internals. For example, for apache2 there is gridsite >> which uses mod_ssl private interfaces and a private copy of a header from the >> apache2 sources to get access to the SSL context. Finding all such issues in >> all packages will take time. > We call this "broken by design" and a "FPOS program". The problem with OpenSSL is that these things are often necessary. In KiCad, we explicitly link against OpenSSL in order to initialize a struct that contains lock/unlock functions, in case the libcurl we use is linked against OpenSSL, so it doesn't keel over when asked to perform two HTTPS requests at the same time. The git history of OpenSSL doesn't exactly give me a lot of confidence either, and stable branches are apparently not even compile tested after backporting fixes (as evidenced by compile failures on KiCad's Jenkins server). My dream solution at this point would be to organize a week-long hackfest somewhere where we move everything to GnuTLS if possible. Simon
Attachment:
signature.asc
Description: OpenPGP digital signature