Re: openssl3?

[Thomas Klausner <wiz%NetBSD.org@localhost>]

On Mon, Jul 11, 2022 at 08:16:53PM -0400, Greg Troxel wrote:
> 
> Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> 
> > Does anyone have a plan on how to integrate openssl3 in pkgsrc?
> 
> no.

I had hoped e.g. Jonathan would have a plan already :)

> > I assume that packaging the software itself will not be the problem, but
> 
> step 1 is a package in wip, it seems.

Well, as I said, it's not difficult, and I've just pushed one.

> > * can we parallel-install it with openssl 1.1.1?
> >   -> can we switch package-per-package to openssl 3 or must we switch
> >      all at once?
> 
> Good question; it could be treated like guile, but that may be a lot of
> work.  Once we have a package someone could locally point at it and do a
> bulk build and see what happens.
> 
> I am unclear on the degree of breakage:
> 
>   - Is it expected that a program that builds against 1.1.1 with no
>     deprecation warnings will build against 3?

I don't think so. I've seen changelogs that explicitly mention
openssl3 support.

>   - What is the general state of upstreams: what fraction of ssl-using
>     packages have releases that build cleanly with openssl3.

No idea.

> > * how do we handle operating systems that are still on 1.0 or 1.1
> >   branches?
> 
> I would expect 3 in pkgsrc and 1.1 native is just like 1.1 pkgsrc and
> 1.0 native.   That seems to work more or less fine.   Can you clarify
> your concern?

I think that like 1.1 was replacing 1.0, 3 will replace 1.1.  But then
you'd have to link everything against one version of it to avoid
mixing libssl.1 and libssl.3 in the same binary. Perhaps it's working
by accident with 1.0 and 1.1, I'm not sure.
 Thomas