Bug#844263: libxml-security-c-dev: depending on libssl1.0-dev breaks open-vm-tools

Ferenc Wágner wferi at niif.hu
Sun Dec 4 16:09:58 UTC 2016

Russ Allbery <rra at debian.org> writes:

> wferi at niif.hu (Ferenc Wágner) writes:
>> Just adding that Shibboleth itself is also problematic, because
>> XMLTooling, which is incompatible with OpenSSL 1.1, uses libcurl,
>> which already switched to OpenSSL 1.1.  So switching xml-security-c
>> to OpenSSL 1.0 did not actually solve the problem for Shibboleth
>> because of the above version clash in XMLTooling.  Shall I bring it
>> up with the curl maintainers?  Or wait for the conclusion on
>> debian-devel?
> This seems like something we're going to have to figure out
> project-wide, since the way the transition is currently set up doesn't
> seem likely to work.


I can't see any conclusion in the OpenSSL 1.1 thread on debian-devel,
but we're running out of time.  We can't keep XMLTooling at OpenSSL 1.0,
because libcurl uses 1.1, but we can't switch to 1.1 either, because the
latest upstream release doesn't support it yet.  Have we got any option
left to ship Shibboleth in stretch after all?

More information about the Pkg-shibboleth-devel mailing list