hans at stare.cz
Sun Apr 22 09:33:26 UTC 2018
I prepared a PR to upgrade LibreSSL to 2.7.2
Three changes that seem most relevant to me
(quoting directly from the release notes):
* Fixed builds macOS 10.11 and older.
* Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
observations of real-world usage in applications. These are
implemented in parallel with existing OpenSSL 1.0.1 APIs
- visibility changes have not been made to existing structs,
allowing code written for older OpenSSL APIs to continue working.
* Extensive corrections, improvements, and additions to the
API documentation, including new public APIs from OpenSSL that had
no pre-existing documentation.
There is goodness; I have tested with a couple of ports,
and some ports can actually drop their patches.
I am writing here to give it a wider audience;
can maintainers/users of SSL-dependent ports
please test with this branch?
In particular, can people on MacOS 10.11
please describe what exactly the probem is/was
and please confirm it disappears with 2.7.2?
Given the extended compatibility with OpenSSL 1.0.2 and 1.1 API,
I suspect more ports will get easier, possibly dropping the patch
altogether (like e.g. libevent).
In particular, there is kerberos5; the libressl.patch must get easier now,
because we have EVP_MD_CTX_new() and EVP_MD_CTX_free(). I have not looked
at it in detail - Rainer, could you please look at it?
For completeness sake, Jeremy (maintainer)
has reservations to upgrading at all:
More information about the macports-users