OpenSSL 1.1.1 EOL

[Coldfirex]

Howdy, I didnt see a ticket for this already but wanted to make a note that OpenSSL 1.1.1 is now EOL as of this week (Sept 11, 2023). Looks like we need to migrate to 3.0.x (LTS version) or 3.1.x.

Further information: ​https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/

[pulkomandy]

It is possible to use OpenSSL 3 with deprecated function still enabled, that allows to easily migrate to it without too much changes in the code.

A lot of APIs have changed (for the best, better encapsulation of internal structure), but maybe we want to first start using OpenSSL 3, and then start migrating progressively.

[Coldfirex]

It looks like alot of the deprecated functions are still there, but will just throw compiler warnings after a quick skim of the migration notes.

​https://www.openssl.org/docs/man3.0/man7/migration_guide.html

[cocobean]

Submitted a PR for OpenSSL 3.2.1. Ref: ​https://github.com/haikuports/haikuports/pull/10035

[thebuck]

Spam alert. And note how unhelpful that comment is: https://dev.haiku-os.org/ticket/18581?action=comment-diff&cnum=4&version=1

[pulkomandy]

Spam in a comment edit, sneaky! Deleted the comment and the author. Thanks for the alert.

[pulkomandy]

Status update: I have put a set of changes on Gerrit for this. There is ABI compatibility issues. The libraries have different sonames, to some extent this allows to migrate progressively from one version to the other. However, software that ends up linking both versions will not work. This is the case for webkit, which links both curl and libbnetapi (the latter being used to implement websockets using BSecureSocket).

Solutions are being discussed in the gerrit changes.

[pulkomandy]

​https://review.haiku-os.org/c/haiku/+/7718/1

​https://github.com/haikuports/haikuports/pull/10564

[pulkomandy]

Beta5 is now running on openssl 3.