Bug#995636: transition: openssl
On Sun, Jun 05, 2022 at 08:44:22PM +0200, Sebastian Andrzej Siewior wrote:
> On 2022-06-05 19:42:43 [+0200], Sebastian Ramacher wrote:
> > Hi Sebastian
> Hi Sebastian,
>
> > > Otherwise I'd fear that the only other options are openssl breaking
> > > libssl1.1 or renaming /etc/ssl/openssl.cnf to have a version specific
> > > name. Given the high number reverse dependencies involved in this
> > > transition (and also those depending on bin:openssl), I'd prefer to
> > > avoid a Breaks that could have the potential to force the libssl1.1 ->
> > > libssl3 upgrade to be more of a lockstep transition than needed.
> >
> > I see that there was another openssl upload. Any reason a fix for this
> > issue wasn't included in the upload of 3.0.3-6?
>
> I wasn't aware that this is something that we want do. Kurt pointed me
> to the testsuite problem which was the primary motivation for the
> upload.
> Regarding dovecot, Kurt wanted to make some time for it. The patch in
> ubuntu is working but is a giant duct tape which is not something I
> would wan to upload…
> Anyway, regarding the openssl.cnf. Do we want to use openssl-3.cnf for
> libssl3? We can't make opnenssl-1.1.cnf happen. The modification
> openssl.cnf already happend so people need to make changes manually…
> Is this the request here?
The suggestion was to make an openssl.cnf that's compatible with 1.1.1,
and so remove or comment out everything related to providers.
Kurt
Reply to: