On 10/12/2020 17:15, Greg Troxel wrote:
In this case, it seems you are using old NetBSD and pkgsrc is built
against a newer version than 9.0 because there are some bugs ixed that
matter tor other things (rust, not apache AFAIK).
Rust is a PITA. As someone that does my own local builds for pkgin I
have a lot of sympathy for that decision.
Also, openssl 1.1.1g really ought to be binary compatible with 1.1.1d.
If not that's an openssl bug, and it's a bug in NetBSD that we applied
it on the branch. But, my best guest is that it's toally fine.
I'd expect it to be safe as well. The biggest risk would be if the newer
modssl used a symbol that didn't exist in the old library but that would
blow up completely at module load time.
Entirely separately from compat, you should be running recent openssl
anyway, as a matter of security best practices.
This is very true in this case. I'm fairly certain at least one of the
openssl bugfixes in 9.1 relates to TLS handshake issues that could
impact an server offering https.
Mike
