Opened 15 months ago
Closed 4 months ago
#18581 closed task (fixed)
OpenSSL 1.1.1 EOL
Reported by: | Coldfirex | Owned by: | pulkomandy |
---|---|---|---|
Priority: | critical | Milestone: | R1/beta5 |
Component: | Build System | Version: | R1/Development |
Keywords: | Cc: | ||
Blocked By: | Blocking: | #18565 | |
Platform: | All |
Description
Howdy, I didnt see a ticket for this already but wanted to make a note that OpenSSL 1.1.1 is now EOL as of this week (Sept 11, 2023). Looks like we need to migrate to 3.0.x (LTS version) or 3.1.x.
Further information: https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
Change History (11)
comment:1 by , 15 months ago
Component: | - General → Build System |
---|---|
Milestone: | Unscheduled → R1/beta5 |
Priority: | normal → critical |
comment:2 by , 15 months ago
comment:3 by , 15 months ago
It looks like alot of the deprecated functions are still there, but will just throw compiler warnings after a quick skim of the migration notes.
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
comment:5 by , 10 months ago
Blocking: | 18565 added |
---|
comment:6 by , 10 months ago
OpenSSL 3.2.1 is backward compatible with OpenSSL 3.2.0 and OpenSSL 3.1.0, but not with OpenSSL 1.1.1.
See: https://www.openssl.org/docs/man3.1/man7/migration_guide.html
Submitted a PR for OpenSSL 3.2.1. Ref: https://github.com/haikuports/haikuports/pull/10035
comment:7 by , 6 months ago
Owner: | changed from | to
---|---|
Status: | new → in-progress |
comment:8 by , 6 months ago
Spam alert. And note how unhelpful that comment is: https://dev.haiku-os.org/ticket/18581?action=comment-diff&cnum=4&version=1
comment:9 by , 6 months ago
Spam in a comment edit, sneaky! Deleted the comment and the author. Thanks for the alert.
comment:10 by , 5 months ago
Status update: I have put a set of changes on Gerrit for this. There is ABI compatibility issues. The libraries have different sonames, to some extent this allows to migrate progressively from one version to the other. However, software that ends up linking both versions will not work. This is the case for webkit, which links both curl and libbnetapi (the latter being used to implement websockets using BSecureSocket).
Solutions are being discussed in the gerrit changes.
comment:11 by , 5 months ago
comment:12 by , 4 months ago
Resolution: | → fixed |
---|---|
Status: | in-progress → closed |
Beta5 is now running on openssl 3.
It is possible to use OpenSSL 3 with deprecated function still enabled, that allows to easily migrate to it without too much changes in the code.
A lot of APIs have changed (for the best, better encapsulation of internal structure), but maybe we want to first start using OpenSSL 3, and then start migrating progressively.