From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] openssl 1.1.x deprecated option
Date: Wed, 06 Feb 2019 12:01:20 +0100 [thread overview]
Message-ID: <87ftt1ji4f.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20190206110832.5c5dc4b6@windsurf> (Thomas Petazzoni's message of "Wed, 6 Feb 2019 11:08:32 +0100")
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:
> Hello,
> On Wed, 6 Feb 2019 04:03:09 -0600
> Matthew Weber <matthew.weber@rockwellcollins.com> wrote:
>> I was thinking about how to manage the risk of a version bump vs
>> backport patches and found another possible solution.
>>
>> For openssl 1.1.x there are a series of deprecated APIs for items like
>> EVP_MD_CTX* which are now disabled and seem to result in 1/2 of the
>> failures. Would we entertain on some packages adding the libopenssl
>> "enable-deprecated" configure option [1] so that it re-enables those
>> options (could do this like we currently do with a kconfig package = y
>> condition in the libopenssl.mk)? Both mongodb and sqlcipher which
>> are currently failing should be resolved with this approach.
>>
>> Is this worth testing out / proposing?
> We could certainly have a BR2_PACKAGE_LIBOPENSSL_ENABLE_DEPRECATED
> option that enables those deprecated APIs, and have the packages that
> need that do:
> select BR2_PACKAGE_LIBOPENSSL_ENABLE_DEPRECATED if BR2_PACKAGE_LIBOPENSSL
> Thanks to this option, a "git grep
> BR2_PACKAGE_LIBOPENSSL_ENABLE_DEPRECATED" allows to quickly identify
> which are the remaining packages that still need those deprecated APIs.
Yes, that may be the most pragmatic option. Based on the statement in
https://github.com/openssl/openssl/issues/4985 it does sound like we
need to adjust the code (or CFLAGS) of each package using this option to
add:
#define OPENSSL_USE_DEPRECATED 1
Before including any openssl headers, which isn't nice - But still
better than complicated patches.
--
Bye, Peter Korsgaard
next prev parent reply other threads:[~2019-02-06 11:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-06 10:03 [Buildroot] openssl 1.1.x deprecated option Matthew Weber
2019-02-06 10:08 ` Thomas Petazzoni
2019-02-06 11:01 ` Peter Korsgaard [this message]
2019-02-06 12:15 ` Matthew Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ftt1ji4f.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox