[oi-dev] OpenSSL update process

Aurélien Larcher aurelien.larcher at gmail.com
Sun Feb 7 12:31:17 UTC 2021


On Sun, Feb 7, 2021 at 1:21 PM Andreas Wacknitz <A.Wacknitz at gmx.de> wrote:

> Am 06.02.21 um 21:56 schrieb Aurélien Larcher:
>
>
> OpenSSL 1.1 is now merged:
>
> 1. The mediator is default set to 1.0 but can be safely set to 1.1.
> 2. illumos-gate is patched to accept library/security/openssl-11 as
> dependency so that it builds when the mediator version is 1.1.
> 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes
> which should be placed before shared-macros.mk is included.
> 4. If 'gmake update' is executed in a component depending on OpenSSL then
> the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set.
>
> Now the fun begins:
>
> 3. Move all the components supporting OpenSSL 1.1 or update them.
>> 4. Deprecate possible rotting components which cannot be updated and may
>> cause security issues.
>>
>
> and... the more, the merrier!
>
>
> Cheers
>
>
> _______________________________________________
> oi-dev mailing listoi-dev at openindiana.orghttps://openindiana.org/mailman/listinfo/oi-dev
>
> Hi,
>
> do we have a problem with missing engine files in the openssl-11 package?
>
> ╰─➤  cat /usr/openssl/1.1/lib/pkgconfig/libcrypto.pc
> prefix=/usr/openssl/1.1
> exec_prefix=${prefix}
> libdir=${exec_prefix}/lib/
> includedir=${prefix}/include
> enginesdir=${libdir}/engines-1.1
>
> Name: OpenSSL-libcrypto
> Description: OpenSSL cryptography library
> Version: 1.1.1i
> Libs: -L${libdir} -lcrypto
> Libs.private: -lsocket -lnsl -ldl -pthread
> Cflags: -I${includedir}
>
> So, libcrypto.pc states that there shall be /usr/openssl/1.1/lib/engine
> files but there aren't any (same for 64-bit):
>
> ╭─andreas at skoll /usr/openssl/1.1/lib/pkgconfig
> ╰─➤  ls -l /usr/openssl/1.1/lib
> total 7445
> lrwxrwxrwx   1 root     root           1 Feb  6 11:17 32 -> ./
> lrwxrwxrwx   1 root     root           5 Feb  6 11:17 64 -> amd64/
> lrwxrwxrwx   1 root     root          12 Feb  6 11:17 CA.pl ->
> ../bin/CA.pl*
> drwxr-xr-x   3 root     sys            7 Feb  6 11:17 amd64/
> lrwxrwxrwx   1 root     root          16 Feb  6 11:17 libcrypto.so ->
> libcrypto.so.1.1*
> -r-xr-xr-x   1 root     bin      2947532 Feb  6 11:17 libcrypto.so.1.1*
> lrwxrwxrwx   1 root     root          13 Feb  6 11:17 libssl.so ->
> libssl.so.1.1*
> -r-xr-xr-x   1 root     bin       748144 Feb  6 11:17 libssl.so.1.1*
> drwxr-xr-x   2 root     sys            5 Feb  6 11:17 pkgconfig/
>
> "pkg contents openssl-11" doesn't show any engine files in the package.
>

Engines are not shipped with 1.1.

>
>
> Maybe unrelated to this: At the moment I try to build remmina with
> openssl-1.1 but it fails to link:
>
> [100%] Linking C executable remmina
> Undefined            first referenced
>  symbol                  in file
> ERR_load_crypto_strings
> CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ERR_free_strings
> CMakeFiles/remmina.dir/remmina_stats_sender.c.o
> ld: fatal: symbol referencing errors. No output written to remmina
>
> Regards,
> Andreas
>
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev
>


-- 
---
Praise the Caffeine embeddings
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20210207/4f8e37d7/attachment.html>


More information about the oi-dev mailing list