Opened 15 months ago

Closed 4 months ago

#18581 closed task (fixed)

OpenSSL 1.1.1 EOL

Reported by: Coldfirex Owned by: pulkomandy
Priority: critical Milestone: R1/beta5
Component: Build System Version: R1/Development
Keywords: Cc:
Blocked By: Blocking: #18565
Platform: All

Description

Howdy, I didnt see a ticket for this already but wanted to make a note that OpenSSL 1.1.1 is now EOL as of this week (Sept 11, 2023). Looks like we need to migrate to 3.0.x (LTS version) or 3.1.x.

Further information: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/

Change History (11)

comment:1 by waddlesplash, 15 months ago

Component: - GeneralBuild System
Milestone: UnscheduledR1/beta5
Priority: normalcritical

comment:2 by pulkomandy, 15 months ago

It is possible to use OpenSSL 3 with deprecated function still enabled, that allows to easily migrate to it without too much changes in the code.

A lot of APIs have changed (for the best, better encapsulation of internal structure), but maybe we want to first start using OpenSSL 3, and then start migrating progressively.

comment:3 by Coldfirex, 15 months ago

It looks like alot of the deprecated functions are still there, but will just throw compiler warnings after a quick skim of the migration notes.

https://www.openssl.org/docs/man3.0/man7/migration_guide.html

comment:5 by pulkomandy, 10 months ago

Blocking: 18565 added

comment:6 by cocobean, 10 months ago

OpenSSL 3.2.1 is backward compatible with OpenSSL 3.2.0 and OpenSSL 3.1.0, but not with OpenSSL 1.1.1.

Submitted a PR for OpenSSL 3.2.1. Ref: https://github.com/haikuports/haikuports/pull/10035

Version 1, edited 10 months ago by cocobean (previous) (next) (diff)

comment:7 by pulkomandy, 6 months ago

Owner: changed from nobody to pulkomandy
Status: newin-progress

comment:8 by thebuck, 6 months ago

Spam alert. And note how unhelpful that comment is: https://dev.haiku-os.org/ticket/18581?action=comment-diff&cnum=4&version=1

comment:9 by pulkomandy, 6 months ago

Spam in a comment edit, sneaky! Deleted the comment and the author. Thanks for the alert.

comment:10 by pulkomandy, 5 months ago

Status update: I have put a set of changes on Gerrit for this. There is ABI compatibility issues. The libraries have different sonames, to some extent this allows to migrate progressively from one version to the other. However, software that ends up linking both versions will not work. This is the case for webkit, which links both curl and libbnetapi (the latter being used to implement websockets using BSecureSocket).

Solutions are being discussed in the gerrit changes.

comment:12 by pulkomandy, 4 months ago

Resolution: fixed
Status: in-progressclosed

Beta5 is now running on openssl 3.

Note: See TracTickets for help on using tickets.