[Pkg-openssl-devel] Bug#844160: openssl 1.1 and apache2
Kurt Roeckx
kurt at roeckx.be
Wed Nov 16 19:36:49 UTC 2016
On Mon, Nov 14, 2016 at 03:06:44PM -0800, Russ Allbery wrote:
> Stefan Fritsch <sf at debian.org> writes:
>
> > I must admit that I did not think of php when doing that change, sorry.
>
> > On the other hand, shibboleth-sp2 also build-depends on apache2-dev and there
> > have been some indications that shibboleth won't be switching to openssl 1.1
> > for stretch. See https://lists.debian.org/debian-release/2016/11/msg00024.html
>
> It turns out that Shibboleth will be okay if Apache goes to 1.1. The
> Shibboleth code that goes into Apache is isolated from the OpenSSL use
> inside Shibboleth, so we can keep building Shibboleth against 1.0 and
> Apache can go to 1.1 and all the pieces are happy. (The OpenSSL work is
> done in a separate daemon, shibd, that the Apache module talks to.)
So I looked at apache2-dev to see why it depends on libssl-dev.
The only thing I can find is that mod_ssl_openssl.h provides some
hooks, and you actually get SSL_CTX * and SSL * in there. But
nothing in Debian seems to include that file.
Kurt
More information about the Pkg-shibboleth-devel
mailing list