228912 – OpenSSL 1.1 in the base system

Bug 228912 - OpenSSL 1.1 in the base system

Summary: OpenSSL 1.1 in the base system

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Gordon Tetlow

URL:
Keywords:

Depends on:
Blocks:	228911
	Show dependency tree / graph

Reported:	2018-06-12 08:00 UTC by Rodney W. Grimes
Modified:	2019-11-18 22:34 UTC (History)
CC List:	7 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rodney W. Grimes freebsd_committer

2018-06-12 08:00:49 UTC

OpenSSL 1.1 in the base system [gordon, Bernard Spil?]

Comment 1 Bernard Spil freebsd_committer

2018-06-12 13:53:03 UTC

Added depends on for Bug #228865 where I'm recording fall-out with OpenSSL 1.1 in ports.

Added Jung-uk to CC, hope that's OK.

Comment 2 Rodney W. Grimes freebsd_committer

2018-06-12 14:01:10 UTC

(In reply to Bernard Spil from comment #1)
Adding jkim or others is what these are for, if they do not want to be cc:'ed they can remove themselves easy enough.
Thank you for the added dependency as well.

Comment 3 Conrad Meyer freebsd_committer

2018-06-12 17:40:23 UTC

Yeah, this will need an exp-run since it changes the (IIRC) DH API, if not others.

Comment 4 Antoine Brodin freebsd_committer

2018-07-11 20:34:11 UTC

When you have a base patch ready, please request an exp-run to portmgr@

Comment 5 Rodney W. Grimes freebsd_committer

2018-08-22 14:52:34 UTC

I am adding Allan Jude's email summarizing core@'s meeting.

Re: OpenSSL

As discussed in the core@ call today, we recommend that the best way
forward on this issue is to:

1) Use this bug to track the progress of the issue:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228912

2) Get a preview version of the OpenSSL 1.1.1(pre whatever) patches ASAP
for people to start testing with

3) Request an exp-run with that patch to determine what ports breaks
with the newer version of OpenSSL in base. There is a bug tracking this
already from the ports side:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228865 but we feel it
is important to give the ports people as much time as possible to
resolve the issues ahead of the release.

4) Get things merged into -current ASAP to provide as much time as
possible to work out the issues ahead of the release. Even if that means
committing 1.1.1pre-8, and then updating to the final 1.1.1 release
closer to the final release of 12.0

Is there anything core@ can do to help?

Comment 6 Conrad Meyer freebsd_committer

2018-08-22 16:11:03 UTC

(In reply to Rodney W. Grimes from comment #5)
> 2) Get a preview version of the OpenSSL 1.1.1(pre whatever) patches ASAP
> for people to start testing with

Related PR: 230679

Comment 7 Ed Maste freebsd_committer

2018-09-12 19:13:37 UTC

See also https://reviews.freebsd.org/D15791

Comment 8 Ed Maste freebsd_committer

2018-09-24 19:31:25 UTC

Status update: in the projects/openssl111 branch base system dependencies have been addressed except for heimdal, in review https://reviews.freebsd.org/D17276

Comment 9 Ed Maste freebsd_committer

2018-10-10 00:25:05 UTC

openssl111 project branch merged to head in r339270
https://reviews.freebsd.org/rS339270

Comment 10 John Baldwin freebsd_committer

2019-11-18 22:34:34 UTC

1.1.1 shipped in 12.0.  Remove the ports bug so this can be closed.