Shibboleth and OpenSSL 1.1

Ferenc Wágner wferi at
Sat Oct 29 07:42:52 UTC 2016

Sam Hartman <hartmans at> writes:

> How do things look being able to respond to the shibboleth SSL 1.1 bugs?

Well, xmltooling has grown an openssl1.1 branch upstream and is active (though
not optimistic).

Since xmltooling depends on xml-security-c and
mentions OpenSSL 1.1 as a non-issue, I'm somewhat baffled by #828607,
but it certainly looks genuine.  It also looks easy to solve by the very
example advertised at
I still don't get how it doesn't hurt upstream, though.

In short, there is some hope to close these bugs in time.

More information about the Pkg-shibboleth-devel mailing list