[oi-dev] phasing out openssl 1.0.2 (mostly)

Till Wegmüller toasterson at gmail.com
Fri Apr 19 16:48:02 UTC 2024


On 19.04.24 03:43, Goetz T. Fischer wrote:
> a few updates here ...
> 
> i've been going through the list and picked the ones which are reachable from the outside first but
> also gave gftp a try. gftp and rsync turned out to be cases which don't take openssl 3 by just
> settings the usual as well as specific environment variables and don't offer related build options
> either. with the mediator set to 3.1 however they worked fine. of course that's a flaw in the
> buildsystem somewhere but these are 2 examples where the additional effort wouldn't be justified as
> far as i'm concerned.
> uw imap and mongodb 4.4 don't support ssl 3 and uw imap's last releaase was in 2011 anyway. mongodb
> would have to be updated to at least 6.0.7 for ssl 3 support.
Which would be good since 4.4 is EOL end of October anyway. Jumping a 
couple of major versions is no problem with a restore procedure. In 
Place it will refuse to start and people will have to revert to older 
boot environments to start it. It is however a package we need to build 
manually as it requires AVX support in the System which our current 
buildserver does not have. But we can work around that.
> the last relevant one from the list was proftpd. however, the current version 1.3.8b uses dprintf()
There is a pending patch or even RTI for that open, 
https://www.illumos.org/issues/16151 WOuld be a good reason to push the 
illumos people a bit :)
> which indiana doesn't have so that would have to be patched first before trying ssl things. the
> buildsystem though, like gftp and rsync, only has a general --enable-openssl option which could
> cause similar problems as with rsync and gftp.
> also on the list is tor. that i didn't try because i'm not sure how much that's actually used and
> whether we wanna keep it given its reputation. personally i like tor and use it quite often for
> "normal" browsing just because of the anonymity. but that's not my call so ...
If you use it on OpenIndiana that is good enough for me to keep it :)
> 
> 
> --
> R-A-C
> Götz T. Fischer CertIT&Comp
> +49(0)7225/98 98 79
> g.fischer at r-a-c.de
> r-a-c.de
> 
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev



More information about the oi-dev mailing list