Shibboleth and OpenSSL 1.1
Ferenc Wágner
wferi at niif.hu
Sat Oct 29 07:42:52 UTC 2016
Sam Hartman <hartmans at debian.org> writes:
> How do things look being able to respond to the shibboleth SSL 1.1 bugs?
Well, xmltooling has grown an openssl1.1 branch upstream and
https://issues.shibboleth.net/jira/browse/CPPXT-110 is active (though
not optimistic).
Since xmltooling depends on xml-security-c and
https://wiki.shibboleth.net/confluence/display/OpenSAML/XML-Security-C
mentions OpenSSL 1.1 as a non-issue, I'm somewhat baffled by #828607,
but it certainly looks genuine. It also looks easy to solve by the very
example advertised at https://wiki.openssl.org/index.php/1.1_API_Changes.
I still don't get how it doesn't hurt upstream, though.
In short, there is some hope to close these bugs in time.
--
Regards,
Feri
More information about the Pkg-shibboleth-devel
mailing list