Re: Bug#856004: khtml: please build-depen on libssl1.0-dev for Stretch

[Sebastian Andrzej Siewior <sebastian@breakpoint.cc>]

On 2017-02-25 12:29:31 [-0300], Lisandro Damián Nicanor Pérez Meyer wrote:
> I think the issue here is if it will work or not at runtime. 

that is what I assume, correct.

> Sebastian: have you seen it crash due to this?

No. I assume that it might use QT's internal networking which is 1.0 and if
they mix then bad things will happen.
I sure that the following symbols are missing:
 RAND_egd
 NETSCAPE_X509_it
 X509_STORE_CTX_set_chain*
 sk_free*
 sk_num
 sk_pop
 sk_value
 sk_new
 sk_push
 sk_dup
 SSLv23_client_method

The two functions marked * have no error handling if the function is missing.
Not using SSLv23_client_method() means that the the user of this class has to
try again with TLSv1_client_method() member which will only allow a TLS1.0
handshake. This is not what you want because TLS1.0 itself is deprecated and
the v23 method would allow the maximum possible TLS level (which is currently
1.2).
For those reasons I think it is wise to migrate to libssl1.0-dev.

Sebastian