Re: OpenSSL 1.1.0
On Thu, Nov 24, 2016 at 03:20:06PM +0100, Jan Niehusmann wrote:
> On Thu, Nov 24, 2016 at 03:59:10PM +0200, Adrian Bunk wrote:
> > If inspection is not easily possible, then adding a dependency on
> > libssl1.0-dev to qtbase5-private-dev should be sufficient to
> > ensure that this is not leaked to a different OpenSSL version.
>
> I see two disadvantages:
>
> 1) doesn't catch cases where a package doesn't depend on libssl at all,
> but depends on two libraries which in turn use qt and libssl.
>...
I was answering to the "exposes OpenSSL internels (e.g. opaque structs)
in its API" problem.
When every -dev that contains headers exposing OpenSSL internals depends
on the libssl*-dev it uses, then this problem is solved.
dlopen() is a separate problem.
> But I don't know a better alternative, either.
>
> Jan
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Reply to: