Russ Allbery <r...@debian.org> writes:

> Bernd Zeimetz <b...@debian.org> writes:
>
>> unfortunately your decision to depend on libssl1.0-dev breaks the build
>> of open-vm-tools as most other build-dependencies decided to migrate to
>> the new openssl version.
>
>> I know that shibboleth is the issue, but the current situation breaks
>> open-vm-tools, which is a requirement if you want to run Debian on
>> vmware - and there are *loads* of installations out there.
>
> Well, my understanding is that xml-security-c doesn't support OpenSSL 1.1
> upstream, the porting is not trivial, and will not be completed in the
> release time frame.  So I'm not sure there's any other alternative.
>
> Whatever dependencies that were pushing open-vm-tools to 1.1 may have to
> be reverted back to 1.0.

Just adding that Shibboleth itself is also problematic, because
XMLTooling, which is incompatible with OpenSSL 1.1, uses libcurl, which
already switched to OpenSSL 1.1.  So switching xml-security-c to OpenSSL
1.0 did not actually solve the problem for Shibboleth because of the
above version clash in XMLTooling.  While I've got the patches porting
xml-security-c and XMLTooling to OpenSSL 1.1, they aren't integrated
into upstream yet (and probably won't ever be in their current form).
So at least libcurl will have to be switched back to OpenSSL 1.0, or
the Shibboleth stack will see serious trouble.  Shall I bring it up with
the curl maintainers?  Or wait for the conclusion on debian-devel?
-- 
Thanks,
Feri
