> On Dec 28, 2016, at 7:02 AM, Alexander Kanavin <alexander.kana...@linux.intel.com> wrote:
> 
> On 12/27/2016 08:00 PM, Jeffrey Johnson wrote:
> 
>> FYI: most of the openssl-1.1.0 port in rpm is now done.
>> 
>> I’ve done “Do no harm testing.” with openssl-1.0.2j, will get to
>> detailed openssl-1.1.0 testing as soon as I see a platform that
>> distributes with openssl-1.1.0 (likely Fedora 26, not yet Fedora 25).
> 
> Thanks! If you need a platform for testing, then debian testing (stretch) 
> does ship with both openssl 1.1 and 1.0. You can have both libraries 
> installed at the same time, but development packages mutually exclude each 
> other. Despite the name, debian testing is fairly stable.
> 

Two versions of openssl installed isn’t what is hard; setting up a platform
with one version of openssl well integrated is what is hard.

RPM links many libraries, some of which link openssl, and recompiling
all RPM prerequisites to use a single version of openssl is very time consuming.

Then there are issues of how openssl is installed: e.g. testing ECDSA
usually requires rebuilding openssl and reading removed curves.

Then there is openssl-fips which RPM5 uses (or used, I’ve not checked recently).
openssl-fips-2.0.13 functions with openssl-1.0.x, but not openssl-1.1.x. FIPS 140-2
seems to be quite a mess these days, sigh. Getting all the HMACs installed and
verified for FIPS 140-2 is always a chore.

Meanwhile I have checked that RPM builds/links against openssl-1.1.0, and
the code in ramie/rpmssl.c has rather simple usages of openssl.

hth

73 de Jeff

______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
Developer Communication List                        rpm-devel@rpm5.org
