Re: Bug#856004: khtml: please build-depen on libssl1.0-dev for Stretch
On 2017-02-25 12:29:31 [-0300], Lisandro Damián Nicanor Pérez Meyer wrote:
> I think the issue here is if it will work or not at runtime.
that is what I assume, correct.
> Sebastian: have you seen it crash due to this?
No. I assume that it might use QT's internal networking which is 1.0 and if
they mix then bad things will happen.
I sure that the following symbols are missing:
RAND_egd
NETSCAPE_X509_it
X509_STORE_CTX_set_chain*
sk_free*
sk_num
sk_pop
sk_value
sk_new
sk_push
sk_dup
SSLv23_client_method
The two functions marked * have no error handling if the function is missing.
Not using SSLv23_client_method() means that the the user of this class has to
try again with TLSv1_client_method() member which will only allow a TLS1.0
handshake. This is not what you want because TLS1.0 itself is deprecated and
the v23 method would allow the maximum possible TLS level (which is currently
1.2).
For those reasons I think it is wise to migrate to libssl1.0-dev.
Sebastian
Reply to: