Is there yet a clean way to upgrade to OpenSSL 1.1.1?
Bill Cole
macportsusers-20171215 at billmail.scconsult.com
Thu Apr 18 21:05:10 UTC 2019
It's about time to get everything off the soon-to-be-EOL'd OpenSSL 1.0.2
and onto 1.1.1, particularly with so-called 'security scanners' scolding
for lack of TLSv1.3 support. I was happy to see the advent of openssl10
and openssl11 ports which purport to simplify migration, but it's not
clear to me how that is true...
I also see https://github.com/macports/macports-ports/pull/3822, which
is a WIP but it looks like people are testing against it?
Anyway: I have a SnowLeopard machine doing utility server work (Postfix,
Apache, Dovecot, BIND) which I'd like to update, but it is not clear to
me how (or even whether) it is possible to build 1.1.1 and use it to
build all the relevant dependents without taking down services for the
extended period it will take to build the dependency chain between
OpenSSL and each of them. On a 2006 1st-gen Core Duo, this is likely to
be measured in hours of aggregate downtime.
Is there some approach that I'm not seeing to build against the new
version while leaving services that use the old version (and spawn
worker children while running) up and functional?
--
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
More information about the macports-users
mailing list