Bug#828608: Building with OpenSSL 1.0.2 is sufficient for stretch

Ferenc Wágner wferi at niif.hu
Sun Dec 11 16:06:54 UTC 2016

Control: tags -1 + patch

Adrian Bunk <bunk at stusta.de> writes:

> On Sun, Dec 11, 2016 at 03:13:58PM +0100, Ferenc Wágner wrote:
>> Adrian Bunk <bunk at stusta.de> writes:
>>> Not a perfect solution but sufficient for stretch is the patch below to 
>>> use OpenSSL 1.0.2
>>> [...]
>>>   libcurl4-openssl-dev,
>>>   liblog4shib-dev,
>>> - libssl-dev,
>>> + libssl1.0-dev | libssl-dev (<< 1.1.0~),
>> As previously established in this bug report, XMLTooling and cURL must
>> use the same OpenSSL version, because they exchange SSL_CTX pointers.
>> I think the only sensible way out would be introducing an OpenSSL 1.0
>> flavour of curl, and build-depending on libcurl4-openssl1.0-dev here.
>> See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844263.
> Having two different OpenSSL flavours of curl would open a whole new set 
> of problems, like what happens when a binary ends up linking both.
> Also note that due to the freeze deadlines any solution must be
> in a non-RC state in unstable before Christmas, to allow packages
> like moonshot-gss-eap to re-enter testing before January 5th.
> The best available solution is to force all r-(b)deps of libcurl4
> to stay at 1.0.2 for stretch:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#10
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018#69

Do you mean that curl itself will stay with OpenSSL 1.0 in stretch?  I
haven't noticed this decision, but I'm certainly happy with it.  Sorry,
your patch is correct then.  Shall I upload ASAP, or wait for the
switchover in curl?

More information about the Pkg-shibboleth-devel mailing list