PGNet Dev <pgnet.dev@xxxxxxxxx> wrote: >> I'm just dealing with trying to get openssl 1.1.0 to get installed on Ubuntu >> bionic. Yes, there is a package, but all the other packages depend upon >> 1.0.x.... and many things are linking against 1.0.x rather than 1.1, when >> both are installed... I don't know why they build stuff against 1.0.x >> rather than 1.1.0: I think it's a packaging oops. > In the "I'm guessing this is NOT news to anyone HERE" category .... No kidding. If we want to push making TLS available 1.3, then we need to do some remedial work where. > Even the packages that DO 'build against' 1.1.0 frequently do so by banking > on deprecated symbols made possible by lazy (imo) api-compat usage. I found that libssl-dev was not upgraded from 1.0.0 version to 1.1.0 version when I did the dist-upgrade. Once I flushed that, I could then rebuild things like ruby (and it's openssl module) against 1.1.0 correctly, and *THEN* re-install libssl1.0 to make openssh happy. > Packagers are frequently NOT cleaning up their openssl version-check logic, > and cleaning out old-/deprecated- symbols. In my experience, most seem not > to be interested, either; instead, the response mantra to entreaties about > clean/modern "--api=1.1.0" compatibility is "that's not what the distros > provide; just use that". +1.
Attachment:
signature.asc
Description: PGP signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users