Unbelievable ! Openssl 1.0 packages are close to be on their way to the OpenCSW repository.
You will find openssl 1.0.1c packages in my experimental repository:
yes | pkgrm CSWopenssl-utils CSWlibssl-dev
Before releasing them, I would welcome additional testing from other members and in particular, build tests with these new libraries.
I already rebuild my own packages (openssh, vsftpd, lftp) to ensure there's no build and execution problem.
I updated the PKCS11 patch so these libraries should still take advantage of sparc crypto capabilites if you enable the pkcs11 engine.
I am working on integrating the T4 and aesni crypto acceleration support but it would be in a later build (and it seems solaris 11 specific).
Some notes concerning the migration:
- libssl_dev will be replaced with the 1.0.1c version so once it will be installed on the buildfram, all subsequent will be linked with libssl 1.0
and it will be not possible anymore to build against libssl 0.9.8
There doesn't seem to be API incompatibility and the same choice has been done by other distro, but this is the reason why I would
welcome additional build tests so I can be certain.
- libssl 0.9.8 will of course still be there (and maintained), it can be installed alongside libssl 1.0.
Starting with libssl 1.0, the SSL engines directory has been moved in a versioned directory so we don't have filenames clash.
However, within a month or two, I will start to fill bug against packages linked with libssl 0.9.8 to ask for a rebuild with libssl 1.0.
- libssl relies on system-wide hash symbolic links located in /etc/opt/csw/ssl/certs to verify certificates (provided by the ca_certificates packages under OpenCSW).
Unfortunately, the hash system has changed between 0.9.8 and 1.0, the ca_certificates package and the c_rehash script (used to generate the symlinks) have been
modified to always generate the old and the new hash symlinks. There is clash risk but it should be low.
- I don't plan on updating the openssl package so that it depends on libssl 1.0. This package is a legacy of a time where there was a unique package containing libraries, development files and the openssl tools. Packages should no longer depend on this package and I prefer to drop it the day we will remove libssl 0.9.8 from the repository.
Thanks in advance for any comment and feedback,
Yann