Intent to update security/openssl-devel to 1.1.1
Bernard Spil
brnrd at FreeBSD.org
Wed Mar 21 18:09:20 UTC 2018
On 2018-03-21 17:53, Mathieu Arnold wrote:
> On Wed, Mar 21, 2018 at 04:55:59PM +0100, Bernard Spil wrote:
>> I'm open to suggestions on keeping both version 1.1.0 and 1.1.1 in the
>> tree,
>
> Well, there is a -devel port to keep the development version of
> OpenSSL,
> no need to have more than one development version.
The -devel port hasn't been a -devel version since August 2017 with
r420878. Should I have put it up for reconsidering different naming back
then?
> At one point, someone will work on updating the non -devel port to the
> 1.1 branch, but nobody has worked on that yet.
Do you agree that we should create a security/openssl11 port so that
users can switch to that version if they wish? That would allow me to
update -devel to 1.1.1.p3 outright. More and more I feel like I'm
depriving early adopters of the ability to use TLSv1.3.
Myself, I consider 1.1.0 a kind-of -devel version for lack of support in
other ports. Analogous to OpenSSL 1.0.0 which hasn't seen widespread use
either. 1.1.1 brings additional features, primarily TLSv1.3, that make
it a target to be really used by e.g. web-servers.
In the background I have been working on updating security/openssl to
1.1 branch, but little of that has been visible. Amongst others I've
revisited the ports marked BROKEN with 1.1.
The fall-out is still too large to make this viable at this moment.
Blocking in my opinion:
- Qt4 & Qt5 (network)
- MIT krb5
- net-snmp
- MySQL
Currently blocking but fixable by switching versions
- Erlang 19 -> 20
- ...
Fall-out can be seen on my poudriere bulk-builder (with thanks to
Warwick Uni for letting me use it) https://keg.brnrd.eu/
Status for 1.1(.0) branch visible here
https://wiki.freebsd.org/OpenSSL/1.1.0
Bernard.
More information about the freebsd-ports
mailing list