On Wed, 2016-11-16 at 09:34 +0000, Thomas Habets wrote:
> Looks like trousers will be kicked out of Debian if not fixed by
> 2016-12-01, if I read my warning emails right.
> 
> http://bugs.debian.org/828579
> 

Thanks for the heads-up!

I picked up the patch submitted to RHEL, manually rebased it to the
latest tree with few changes and tested it.  The patch is backward
compatible as it's working fine on a system with OpenSSL 1.0.x.

Tpm-tools, TSS test suites and Software TPM are not rebased to the new
OpenSSL level yet.  So, we can't have a full test for TrouSers with
OpenSSL 1.1 at this point.  However, it builds and the TCSD is up and
running.  I'll be getting the updated package into Ubuntu soon.


I'm uncertain about the drop of TrouSerS in Nov.  I'm going to join the
Debian mailing list to ask.  "libssl1.0.2 must be removed from testing
in November" was vague to me.  

In fact, the related package, tpm-tools, is also affected.



Vicky

> On 9 November 2016 at 23:58, Hon Ching(Vicky) Lo
> <[email protected]> wrote:
> > On Wed, 2016-11-09 at 23:09 +0000, Thomas Habets wrote:
> >> On 9 November 2016 at 21:22, Hon Ching(Vicky) Lo
> >> <[email protected]> wrote:
> >> > Patches for TrouSers that support OpenSSL1.1 are welcomed!  However,
> >> > 1) they need to be tested.
> >>
> >> Is there a testing procedure, or are you just talking about building
> >> it and seeing that it seems to be working?
> >>
> >> What could I do to help?
> >
> > Sorry, I missed telling you about the testing.  Normally, I would test it by
> > running the TrouSers test suites to make sure nothing breaks. (i.e. not
> > just making sure that it builds)
> >
> >
> > Regards,
> > Vicky
> >
> >
> >>
> >> > 2) they need to be backward-compatible.
> >> > Since your patch doesn't work with OpenSSL1.0, would it be possible
> >> > to "#ifdef" your code?
> >>
> >> It looks like the RedHat patch attached to
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1388518 already supports
> >> both OpenSSL 1.0 and 1.1.
> >>
> >> I say this because it conditionally implements this function for older 
> >> OpenSSL:
> >>
> >> [...]
> >> +#if OPENSSL_VERSION_NUMBER < 0x10100001L
> >> +static int
> >> +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
> >> +{
> >> [...]
> >>
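
Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x10100001L` selects the compatibility `RSA_set0_key()` on the version number alone, so a libcrypto that reports a higher number without providing the 1.1 accessor gets neither the shim nor the library function; LibreSSL, for instance, defines OPENSSL_VERSION_NUMBER as 0x20000000L. A configure-time check for `RSA_set0_key` would be more robust than the version comparison. The body is elided in this quote, so it is worth confirming that the shim follows the OpenSSL 1.1 contract: return 0 when n or e is NULL and the RSA object has no existing value for it, and take ownership of n, e and d, freeing the values they replace.
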
> >> Is this not working for you?
> >>
> >
> >
> 
> 
> 



------------------------------------------------------------------------------
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech