Backporting to stretch: OpenSSL versions mix

Etienne Dysli Metref etienne.dysli-metref at switch.ch
Mon Mar 18 12:34:21 GMT 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Ferenc,

I've backported xmltooling 3.0.4 and opensaml 3.0.0. However, testing
with piuparts shows that -dev packages can't be installed. The root
cause of the conflict seems to be that a) xmltooling depends on
libssl-dev (which is OpenSSL 1.1 in stretch) and b) xmltooling also
depends on libcurl4-openssl-dev which in turn transitively depends on
libssl1.0-dev | libssl-dev (<< 1.1) (i.e. OpenSSL 1.0). How can I
untangle that and use only one version of OpenSSL?

IIRC, the SPv3 is not backwards-compatible with OpenSSL 1.0, is it?
Also, it must use the same version of OpenSSL libcurl has been
compiled against because they exchange SSL_CTX structs... So I could
either rebuild everything against OpenSSL 1.0 or request a backport of
libcurl4-openssl-dev on stretch that would use OpenSSL 1.1. What do
you think?

Cheers,
   Etienne
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEELcQv7Fsn8jFmeD9mw2QssxGaOsAFAlyPkEcACgkQw2QssxGa
OsCh6A/8DNmU7c0P/D5GJA8BKnRPDnGxSGw/hZNZ2MEDplFZkYVIP1v25T0E4r4U
M9StoC3X89th4spEHPTMpjXn5Z3rRrelUT7Q/by7MdigMZIJuaff6IfVCPqvVpQM
WQpG7pDbF5O7dweoSapAxA7I0bH1zFHcmG+4/23K2rSzJoc1RYfYTQrMSVpBBnxD
0OLCoa9ZzqZGnsEvgxSxSQtyWFnrhZMreuv9Dqzgc57g0nfj7VyXo/bQvFi6lRE6
pGxD0KIw4T1joaRku4W7CHP7HZ6hKSvXCAdlAFW7/qNVTqovK0qEzDSdr0zQPkBx
JXqt+RtXCxgM1o9cNwaBFlD+JeyxY+psFOEpENV+1pGCr2CG08GcwhQnA2yuKTuB
mj4w0X4oj3+2ClDAou7n29J1CinRSOhSXawHjb6ZsCzZrHnXZQxzJI9AXACaUgYS
6S94MhYRHrD3t9qPwhQC68cqazEQwWIB1/A1sm2mkNOhtNjBLRIOfetAOaLiVzwb
YBarawaeNUqsWYonMhsRqJ3uLkWQmYDgpoXeTJdgsiFmA7f7zl3JthqdICxKouN3
70WR/lOGLi0Uis3G4SH/CNm9xQ8s+DYrgAkfLfe/SxKBrrWC7tXxXBvjKppKwfbx
wrk16+gmXJY/ogg9prfwtsw0eJDSzmWM0CuEcNFGl+1VpVJ5Iik=
=T8FR
-----END PGP SIGNATURE-----



More information about the Pkg-shibboleth-devel mailing list