On Út, 2016-10-11 at 09:25 -0600, Orion Poplawski wrote:
> On 10/07/2016 06:49 AM, Tomas Mraz wrote:
> >
> > Hi all,
> >
> > the openssl will be rebased in Rawhide to 1.1.0 on Monday. There
> > will
> > be also 1.0.2 compat package (compat-openssl10) so the dependencies
> > are
> > not broken and Rawhide should be installable. Also things that do
> > not
> > depend on openssl should be rebuildable without changes.
> >
> > On the other hand due to the major API changes in 1.1.0 if your
> > package
> > uses OpenSSL it will not be possible to rebuild it without
> > patching.
> > Some upstreams already updated their code to work with 1.1.0 so if
> > it
> > is your case again there might not be any problems rebuilding it.
> >
> > I will be also working on patching and rebuilding the dependencies
> > starting with minimal install and expanding to broader installs of
> > Fedora. However there might be cases where the package is using
> > some
> > obscure features of the old 1.0.x API and the port might be non-
> > trivial
> > - I do not expect such packages to be common however cooperation
> > with
> > the respective package upstream might be needed in such cases.
> >
> > At worst if the patching of a package is highly non-trivial and the
> > upstream is not responsive we might have to drop the package from
> > Fedora.
> >
> > We do not want to keep 1.0.2 devel around as that could make it to
> > look
> > like the 1.0.2 is still fully "supported" in Fedora and there would
> > be
> > no incentive to switch to 1.1.0. Also to get any new features from
> > upstream OpenSSL we have to move to newer versions as they are
> > released
> > as the old versions get only bug fixes.
> >
> It appears that setting:
>
> -DOPENSSL_API_COMPAT=0x10020000L
>
> Should at least partially get you the 1.0.2 API. Although clamav's
> configure
> test for SSL_library_init() doesn't #include <ssl.h> so that doesn't
> work for
> it out of the box.
Yes, it basically works for deprecated functions. However it does not
work for things that access structure members in the 1.0 API.
> Also, getting:
>
> crypto.c: In function 'cl_load_crl':
> crypto.c:1113:32: error: dereferencing pointer to incomplete type
> 'X509_CRL
> {aka struct X509_crl_st}'
> tm = cl_ASN1_GetTimeT(x->crl->nextUpdate);
> ^~
>
> So looks like it doesn't work for all cases.
Yes, all the structures are opaque regardless of OPENSSL_API_COMPAT.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
