Unbelievable ! Openssl 1.0 packages are close to be on their way to the OpenCSW repository.<div><br></div><div>You will find openssl 1.0.1c packages in my experimental repository:</div><div> yes | pkgrm CSWopenssl-utils CSWlibssl-dev</div>
<div> pkgutil -t <a href="http://buildfarm.opencsw.org/opencsw/experimental/yann" target="_blank">http://buildfarm.opencsw.org/opencsw/experimental/yann</a> -i openssl_utils libssl_dev libssl1_0_0</div>
<div><br></div><div>Before releasing them, I would welcome additional testing from other members and in particular, build tests with these new libraries.</div><div>I already rebuild my own packages (openssh, vsftpd, lftp) to ensure there's no build and execution problem.</div>
<div><br></div><div>I updated the PKCS11 patch so these libraries should still take advantage of sparc crypto capabilites if you enable the pkcs11 engine.</div><div>I am working on integrating the T4 and aesni crypto acceleration support but it would be in a later build (and it seems solaris 11 specific).</div>
<div><br></div><div><br></div><div>Some notes concerning the migration:</div><div><br></div><div> - libssl_dev will be replaced with the 1.0.1c version so once it will be installed on the buildfram, all subsequent will be linked with libssl 1.0</div>
<div> and it will be not possible anymore to build against libssl 0.9.8</div><div> There doesn't seem to be API incompatibility and the same choice has been done by other distro, but this is the reason why I would </div>
<div> welcome additional build tests so I can be certain.</div><div><br></div><div><br></div><div> - libssl 0.9.8 will of course still be there (and maintained), it can be installed alongside libssl 1.0.</div><div> Starting with libssl 1.0, the SSL engines directory has been moved in a versioned directory so we don't have filenames clash.</div>
<div> </div><div> However, within a month or two, I will start to fill bug against packages linked with libssl 0.9.8 to ask for a rebuild with libssl 1.0.</div><div><br></div><div><br></div><div> - libssl relies on <span style="font-size:12px;white-space:pre-wrap">system-wide hash symbolic links located in /etc/opt/csw/ssl/certs to verify certificates (provided by the ca_certificates packages under OpenCSW). </span></div>
<div><span style="font-size:12px;white-space:pre-wrap"> Unfortunately, the hash system has changed between 0.9.8 and 1.0, t</span><span style="font-size:12px;white-space:pre-wrap">he ca_certificates package and the c_rehash script (used to generate the symlinks) have been </span></div>
<div><span style="font-size:12px;white-space:pre-wrap"> modified to always generate the old and the new hash symlinks. There is clash risk but it should be low.</span></div><div><span style="font-size:12px;white-space:pre-wrap">
</span></div><div><span style="font-size:12px;white-space:pre-wrap"> - I don't plan on updating the openssl package so that it depends on libssl 1.0. This package is a legacy of a time where there was a unique package containing libraries, development files and the openssl tools. </span><span style="font-size:12px;white-space:pre-wrap">Packages should no longer depend on this package and I prefer to drop it the day we will remove libssl 0.9.8 from the repository.</span></div>
<div><span style="font-size:12px;white-space:pre-wrap"><br></span></div><div><span style="font-size:12px;white-space:pre-wrap"><br></span></div><div><span style="font-size:12px;white-space:pre-wrap">Thanks in advance for any comment and feedback,</span></div>
<div><span style="font-size:12px;white-space:pre-wrap"><br></span></div><div><span style="font-size:12px;white-space:pre-wrap">Yann</span></div><div><span style="font-size:12px;white-space:pre-wrap"><br>
</span></div>