OpenSSL 1.1 in the base system [gordon, Bernard Spil?]
Added depends on for Bug #228865 where I'm recording fall-out with OpenSSL 1.1 in ports.
Added Jung-uk to CC, hope that's OK.
(In reply to Bernard Spil from comment #1)
Adding jkim or others is what these are for, if they do not want to be cc:'ed they can remove themselves easy enough.
Thank you for the added dependency as well.
Yeah, this will need an exp-run since it changes the (IIRC) DH API, if not others.
When you have a base patch ready, please request an exp-run to portmgr@
I am adding Allan Jude's email summarizing core@'s meeting.
As discussed in the core@ call today, we recommend that the best way
forward on this issue is to:
1) Use this bug to track the progress of the issue:
2) Get a preview version of the OpenSSL 1.1.1(pre whatever) patches ASAP
for people to start testing with
3) Request an exp-run with that patch to determine what ports breaks
with the newer version of OpenSSL in base. There is a bug tracking this
already from the ports side:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228865 but we feel it
is important to give the ports people as much time as possible to
resolve the issues ahead of the release.
4) Get things merged into -current ASAP to provide as much time as
possible to work out the issues ahead of the release. Even if that means
committing 1.1.1pre-8, and then updating to the final 1.1.1 release
closer to the final release of 12.0
Is there anything core@ can do to help?
(In reply to Rodney W. Grimes from comment #5)
> 2) Get a preview version of the OpenSSL 1.1.1(pre whatever) patches ASAP
> for people to start testing with
Related PR: 230679
See also https://reviews.freebsd.org/D15791
Status update: in the projects/openssl111 branch base system dependencies have been addressed except for heimdal, in review https://reviews.freebsd.org/D17276
openssl111 project branch merged to head in r339270