pkgsrc-Users archive


RE: Will OpenSSL 1.1l be back ported to 2021Q2?



Actually it is not. It's 1.0.2k in order to maintain support for FIPS compliance, but RH backports important security fixes.

Here's the mk.conf snippet to force linking to RH 1.0.2k:

# required to build against RHEL FIPS OpenSSL
PREFER_NATIVE=          openssl curl zlib
USE_BUILTIN.openssl=    yes
PREFER.openssl=         native
USE_BUILTIN.zlib=       yes
USE_BUILTIN.ncurses=    yes
PREFER.zlib=            native

Works for everything I've built so far (curl, git-base, python, pgsql, perl/p5 ssl modules, nginx).

Any statements are solely my own opinion and do not represent Pratt & Whitney or Raytheon Technologies.

> -----Original Message-----
> From: pkgsrc-users-owner%NetBSD.org@localhost [mailto:pkgsrc-users-
> owner%NetBSD.org@localhost] On Behalf Of Morgan, Iain (ARC-TN)[InuTeq, LLC]
> Sent: Thursday, September 2, 2021 2:04 PM
> To: Greg Troxel <gdt%lexort.com@localhost>
> Cc: pkgsrc-users%netbsd.org@localhost
> Subject: [External] Re: Will OpenSSL 1.1l be back ported to 2021Q2?
> 
> Unfortunately, RHEL 7 uses OpenSSL 1.0.2k, which I expect is too old for
> pkgsrc.
> 
> I tried your suggestion and did a bmake replace last night after pulling in
> security/openssl from HEAD. That worked fine and I tested several packages
> (curl, wget, git, python3.9) without any issues. I plan to do further testing
> today.
> 
> --
> Iain
> 
> On 9/2/21, 05:17, "Greg Troxel" <gdt%lexort.com@localhost> wrote:
> 
> 
>     "Morgan, Iain (ARC-TN)[InuTeq, LLC]" <iain.morgan%nasa.gov@localhost> writes:
> 
>     > Oh, I forgot to answer your question. I'm doing a source build for RHEL 7.
> 
>     I asked because on NetBSD pkgsrc openssl is not used.
> 
>     I would think on RHEL it would not be used if the base system is up to
>     date.  But I don't use Linux.
> 
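
Added example (not part of the original messages and not pkgsrc's own tooling): a sh check that binaries built with the mk.conf settings above really resolve libssl/libcrypto to the RHEL system copies rather than to a pkgsrc-built OpenSSL. The /usr/pkg prefix, the function name and the sample ldd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify where libssl/libcrypto resolve, reading `ldd` output on stdin.
# $1 = pkgsrc prefix (assumed /usr/pkg here; use your own LOCALBASE).
# Prints one of: native | pkgsrc | mixed | missing | none
openssl_link_origin() {
    prefix="${1:-/usr/pkg}"
    awk -v prefix="$prefix" '
        # ldd line shape: "libssl.so.10 => /lib64/libssl.so.10 (0x...)"
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 == "not")                      missing++   # "=> not found"
            else if (index($3, prefix "/") == 1)  pkgsrc++    # under the pkgsrc prefix
            else                                  native++    # anywhere else: system copy
        }
        END {
            if (missing)               print "missing"
            else if (pkgsrc && native) print "mixed"
            else if (pkgsrc)           print "pkgsrc"
            else if (native)           print "native"
            else                       print "none"
        }'
}

# Constructed ldd output (not captured from a real host): all native.
SAMPLE_NATIVE='    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000200000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000400000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f0000600000)'

# Constructed: libssl from the pkgsrc prefix, libcrypto from the system.
SAMPLE_MIXED='    libssl.so.1.1 => /usr/pkg/lib/libssl.so.1.1 (0x00007f0000200000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000400000)'

# Usage: sh check-openssl-link.sh /usr/pkg/bin/curl /usr/pkg/bin/git
for bin in "$@"; do
    printf '%s: %s\n' "$bin" "$(ldd "$bin" | openssl_link_origin)"
done
```

Any result other than "native" means the binary is not linked solely against the system OpenSSL that the mk.conf settings were meant to select.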


