Thomas Klausner <wiz%NetBSD.org@localhost> writes: > On Mon, Jul 11, 2022 at 08:16:53PM -0400, Greg Troxel wrote: >> I am unclear on the degree of breakage: >> >> - Is it expected that a program that builds against 1.1.1 with no >> deprecation warnings will build against 3? > > I don't think so. I've seen changelogs that explicitly mention > openssl3 support. So I think we have to wait until we can declare programs that don't support openssl3 as broken. Of course the real bug is openssl's lack of API compat. >> > * how do we handle operating systems that are still on 1.0 or 1.1 >> > branches? >> >> I would expect 3 in pkgsrc and 1.1 native is just like 1.1 pkgsrc and >> 1.0 native. That seems to work more or less fine. Can you clarify >> your concern? > > I think that like 1.1 was replacing 1.0, 3 will replace 1.1. But then > you'd have to link everything against one version of it to avoid > mixing libssl.1 and libssl.3 in the same binary. Perhaps it's working > by accident with 1.0 and 1.1, I'm not sure. Sure, but on systems where builtin openssl is rejected by pkgsrc, every package builds against the pkgsrc version. The only problem is system libs that link against 1.0, and it seems that in practice we are mostly getting away with it.
Description: PGP signature