On 12/28/16 8:25 AM, Jeffrey Johnson wrote:
> 
>> On Dec 28, 2016, at 7:02 AM, Alexander Kanavin 
>> <alexander.kana...@linux.intel.com> wrote:
>>
>> On 12/27/2016 08:00 PM, Jeffrey Johnson wrote:
>>
>>> FYI: most of the openssl-1.1.0 port in rpm is now done.
>>>
>>> I’ve done “Do no harm testing.” with openssl-1.0.2j, will get to
>>> detailed openssl-1.1.0 testing as soon as I see a platform that
>>> distributes with openssl-1.1.0 (likely Fedora 26, not yet Fedora 25).
>>
>> Thanks! If you need a platform for testing, then debian testing (stretch) 
>> does ship with both openssl 1.1 and 1.0. You can have both libraries 
>> installed at the same time, but development packages mutually exclude each 
>> other. Despite the name, debian testing is fairly stable.
>>
> 
> Two versions of openssl installed isn’t what is hard; setting up a platform
> with one version of openssl well integrated is what is hard.
> 
> RPM links many libraries, some of which link openssl, and recompiling
> all RPM prerequisites to use a single version of openssl is very
> time consuming.
> 
> Then there are issues of how openssl is installed: e.g. testing ECDSA
> usually requires rebuilding openssl and reading removed curves.
> 
> Then there is openssl-fips which RPM5 uses (or used, I’ve not checked
> recently). openssl-fips-2.0.13 functions with openssl-1.0.x, but not
> openssl-1.1.x. FIPS 140-2 seems to be quite a mess these days, sigh.
> Getting all the HMACs installed and verified for FIPS 140-2 is always
> a chore.

AFAIK, only openssl 1.0.x supports the FIPS module.  There are a few folks
looking at private implementations of the older module with OpenSSL 1.1.x, but
definitely not official.

--Mark

> Meanwhile I have checked that RPM builds/links against openssl-1.1.0, and
> the code in ramie/rpmssl.c has rather simple usages of openssl.
> 
> hth
> 
> 73 de Jeff
> 
> ______________________________________________________________________
> RPM Package Manager                                    http://rpm5.org
> Developer Communication List                        rpm-devel@rpm5.org
> 
