On Mon, Nov 14, 2016 at 05:03:45AM +0100, Ondřej Surý wrote:
> > Looking at mod_ssl_openssl.h and the comment in #828330,
> > I'd suggest the change below to add a dependency on libssl1.0-dev
> > to apache2-dev.
>
> And that exactly happens meaning that PHP 7.0 can no longer be built
> unless all it's build-depends (including PHP 7.0) and rdepends move to
> libssl1.0-dev as well.
>
> So a nice deadlock, right? To be honest I would rather have a slightly
> less tested apache2 with OpenSSL 1.1.0 and iron out the bugs as we go
> than revert all the work I have done.
>
> I reviewed the patch Kurt has provided and I don't see any strong reason
> why anything should break.
>...
Can you guarantee that rdeps of Apache can use 1.0.2 in stretch when
Apache itself uses 1.1?
That is the most important question here.
This is what my "mod_ssl_openssl.h and the comment in #828330"
was referring to.
The dual 1.0.2/1.1 setup for stretch can only work when any set of
packages in the archive that needs the same OpenSSL version stays
at 1.0.2 unless *all* packages in this set are compiling and working
fine with 1.1
And since the OpenSSL version used is part of the libcurl3 ABI
(see #844018 for details), using 1.1 in stretch is anyway not
really an option for Apache/PHP in stretch.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
