Github messages for voidlinux
* [ISSUE] [RFC] Switching back to OpenSSL
@ 2020-04-12 21:44 Johnnynator
  2020-04-13  0:45 ` travankor
                   ` (141 more replies)
  0 siblings, 142 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-12 21:44 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 788 bytes --]

New issue by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935

Description:
OpenSSL nowadays no longer has the issues it had back in 2015 and has significantly more contributors watching and improving it. LibreSSL usually lags behind in terms of supported algorithms and doesn't support the same API. Libs like Qt dropping support for OpenSSL 1.0 makes it significantly harder to maintain a (correct) patchset for LibreSSL support.

### OpenSSL Pros

* Not that many (potentially wrong) patches needed, proper upstream support for nearly every lib/program
* Potentially faster on non-x86_64 platforms
* Access to newer algorithms earlier
* No ABI breakage every 6 months

### LibreSSL Pros

* Potentially safer by default (?)

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
@ 2020-04-13  0:45 ` travankor
  2020-04-13  0:46 ` xtraeme
                   ` (140 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-13  0:45 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 563 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
  2020-04-13  0:45 ` travankor
@ 2020-04-13  0:46 ` xtraeme
  2020-04-13  0:48 ` protonesso
                   ` (139 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-13  0:46 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 176 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701686

Comment:
Cons: openssl needs perl to build

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
  2020-04-13  0:45 ` travankor
  2020-04-13  0:46 ` xtraeme
@ 2020-04-13  0:48 ` protonesso
  2020-04-13  0:55 ` q66
                   ` (138 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: protonesso @ 2020-04-13  0:48 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 150 bytes --]

New comment by protonesso on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701979

Comment:
bruh

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (2 preceding siblings ...)
  2020-04-13  0:48 ` protonesso
@ 2020-04-13  0:55 ` q66
  2020-04-13  0:57 ` q66
                   ` (137 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-13  0:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 634 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612703000

Comment:
I'd argue that OpenSSL is safer, since it just gets a lot more attention and audit nowadays. Since heartbleed a lot of attention has gone to OpenSSL, it's probably one of the better-audited projects nowadays.

The performance increase on non-x86_64 platforms is not "potential", it's there; OpenSSL has optimized assembly code for most architectures, in addition to plain C fallbacks - LibreSSL does not have them, they all got dropped with the exception of the x86_64 ones.

So, +1 from me.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (3 preceding siblings ...)
  2020-04-13  0:55 ` q66
@ 2020-04-13  0:57 ` q66
  2020-04-13  0:58 ` q66
                   ` (136 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-13  0:57 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 779 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612703000

Comment:
I'd argue that OpenSSL is safer, since it just gets a lot more attention and audit nowadays. Since heartbleed a lot of attention has gone to OpenSSL, it's probably one of the better-audited projects nowadays.

The performance increase on non-x86_64 platforms is not "potential", it's there; OpenSSL has optimized assembly code for most architectures, in addition to plain C fallbacks - LibreSSL does not have them, they all got dropped with the exception of the x86_64 ones.

So, +1 from me.

Perl being required for build is a non-problem, it's already required for build in several other bootstrap packages, including gcc and glibc.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (4 preceding siblings ...)
  2020-04-13  0:57 ` q66
@ 2020-04-13  0:58 ` q66
  2020-04-13  1:00 ` travankor
                   ` (135 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-13  0:58 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 790 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612703000

Comment:
I'd argue that OpenSSL is safer, since it just gets a lot more attention and audit nowadays. Since heartbleed a lot of attention has gone to OpenSSL, it's probably one of the better-audited projects nowadays.

The performance increase on non-x86_64 platforms is not "potential", it's there; OpenSSL has optimized assembly code for most architectures, in addition to plain C fallbacks - LibreSSL does not have them, they all got dropped with the exception of the x86_64 ones.

So, +1 from me.

Perl being required for build is a non-problem, it's already required for build in several other bootstrap packages, including coreutils, gcc and glibc.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (5 preceding siblings ...)
  2020-04-13  0:58 ` q66
@ 2020-04-13  1:00 ` travankor
  2020-04-13  1:01 ` travankor
                   ` (134 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-13  1:00 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 614 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software (ie: haskell openssl keeps breaking with libressl) and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (6 preceding siblings ...)
  2020-04-13  1:00 ` travankor
@ 2020-04-13  1:01 ` travankor
  2020-04-13  8:58 ` pullmoll
                   ` (133 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-13  1:01 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 618 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software (ie: haskell ssl library keeps breaking with libressl) and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (7 preceding siblings ...)
  2020-04-13  1:01 ` travankor
@ 2020-04-13  8:58 ` pullmoll
  2020-04-13  9:09 ` xtraeme
                   ` (132 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: pullmoll @ 2020-04-13  8:58 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 586 bytes --]

New comment by pullmoll on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612816313

Comment:
Several times I have found it difficult to see in which way patching a source for libressl would be correct. This is because I do not know every detail of the differences between the openssl versions 1.0.x and 1.1.x, and the libressl API lies somewhere in between the two.

So from my point of view using openssl could save us lots of work, and if a majority thinks that openssl is audited well enough nowadays, I'm pro switching.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (8 preceding siblings ...)
  2020-04-13  8:58 ` pullmoll
@ 2020-04-13  9:09 ` xtraeme
  2020-04-13 10:57 ` xtraeme
                   ` (131 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-13  9:09 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 201 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612820412

Comment:
No objections. But the website will have to be updated... 

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (9 preceding siblings ...)
  2020-04-13  9:09 ` xtraeme
@ 2020-04-13 10:57 ` xtraeme
  2020-04-13 11:29 ` Duncaen
                   ` (130 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-13 10:57 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 318 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612853344

Comment:
If you are going this route, please do not change xbps. I prefer to keep xbps to use libressl, mainly because this avoids lots of unnecessary dependencies while bootstrapping.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (10 preceding siblings ...)
  2020-04-13 10:57 ` xtraeme
@ 2020-04-13 11:29 ` Duncaen
  2020-04-13 12:02 ` Hoshpak
                   ` (129 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Duncaen @ 2020-04-13 11:29 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 150 bytes --]

New comment by protonesso on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701979

Comment:
bruh

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (11 preceding siblings ...)
  2020-04-13 11:29 ` Duncaen
@ 2020-04-13 12:02 ` Hoshpak
  2020-04-13 12:04 ` xtraeme
                   ` (128 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Hoshpak @ 2020-04-13 12:02 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 821 bytes --]

New comment by Hoshpak on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612870992

Comment:
Are you talking about xbps as a project or the Void Linux xbps package? Switching all packages to openssl and still forcing every Void system to still install libressl in parallel through xbps would make it kind of pointless to switch in the first place.

I generally agree that we should switch to openssl. Libressl not supporting the openssl 1.1 API is increasingly holding packages back (I think I had issues when trying to update postfix in the past) and cannot be trivially patched. The slow movement of libressl development also bothers me and led me to not use it on my server. I am now able to connect to this server via TLS 1.3, just not from any of my Void machines.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (12 preceding siblings ...)
  2020-04-13 12:02 ` Hoshpak
@ 2020-04-13 12:04 ` xtraeme
  2020-04-13 12:06 ` xtraeme
                   ` (127 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-13 12:04 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 163 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612871637

Comment:
I mean the void pkg.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (13 preceding siblings ...)
  2020-04-13 12:04 ` xtraeme
@ 2020-04-13 12:06 ` xtraeme
  2020-04-13 12:09 ` xtraeme
                   ` (126 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-13 12:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 204 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612872193

Comment:
FYI  https://github.com/libressl-portable/portable/issues/228

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (14 preceding siblings ...)
  2020-04-13 12:06 ` xtraeme
@ 2020-04-13 12:09 ` xtraeme
  2020-04-13 12:09 ` xtraeme
                   ` (125 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-13 12:09 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 292 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612872804

Comment:
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (15 preceding siblings ...)
  2020-04-13 12:09 ` xtraeme
@ 2020-04-13 12:09 ` xtraeme
  2020-04-16 12:16 ` Johnnynator
                   ` (124 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-13 12:09 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 196 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612872943

Comment:
Anyway I don't really care, simply don't switch xbps.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (16 preceding siblings ...)
  2020-04-13 12:09 ` xtraeme
@ 2020-04-16 12:16 ` Johnnynator
  2020-04-16 12:18 ` xtraeme
                   ` (123 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:16 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 334 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614615877

Comment:
> Simply don't switch xbps.

This would also imply building libarchive against LibreSSL, but nevertheless I dislike having both LibreSSL and OpenSSL at the same time in the base system.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (17 preceding siblings ...)
  2020-04-16 12:16 ` Johnnynator
@ 2020-04-16 12:18 ` xtraeme
  2020-04-16 12:19 ` xtraeme
                   ` (122 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 240 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614616828

Comment:
We do have already multiple implementations at the same time, see mbedtls, gnutls, libressl, etc.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (18 preceding siblings ...)
  2020-04-16 12:18 ` xtraeme
@ 2020-04-16 12:19 ` xtraeme
  2020-04-16 12:20 ` xtraeme
                   ` (121 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 247 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614617096

Comment:
Anyway I've been thinking about it and maybe I'll switch xbps to use mbedtls. Not sure yet. So go ahead!

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (19 preceding siblings ...)
  2020-04-16 12:19 ` xtraeme
@ 2020-04-16 12:20 ` xtraeme
  2020-04-16 12:22 ` xtraeme
                   ` (120 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 259 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614617662

Comment:
I think it would be good to have openssl as another provider, and then we can decide what software depends on which.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (20 preceding siblings ...)
  2020-04-16 12:20 ` xtraeme
@ 2020-04-16 12:22 ` xtraeme
  2020-04-16 12:26 ` Johnnynator
                   ` (119 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:22 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 516 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614618589

Comment:
I agree about the ABI breakage in libressl, this is the only thing that bothers me, but I still think they are doing good with the software. I'm pretty sure OpenBSD devs do great security work!

Note that openssl was only improved (after heartbleed) because they received lots of donations that made some developers work full time. Not sure if this is true nowadays.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (21 preceding siblings ...)
  2020-04-16 12:22 ` xtraeme
@ 2020-04-16 12:26 ` Johnnynator
  2020-04-16 12:29 ` Johnnynator
                   ` (118 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:26 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 316 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614620637

Comment:
> We do have already multiple implementations at the same time, see mbedtls, gnutls, libressl, etc.

But not in the base system, there we only have LibreSSL as of now.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (22 preceding siblings ...)
  2020-04-16 12:26 ` Johnnynator
@ 2020-04-16 12:29 ` Johnnynator
  2020-04-16 12:29 ` xtraeme
                   ` (117 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:29 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 298 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614622006

Comment:
E.g. I need to decide if ca-certificates depends on LibreSSL or OpenSSL (in theory I might be able to patch `update-ca-certificates` to work with both)

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (23 preceding siblings ...)
  2020-04-16 12:29 ` Johnnynator
@ 2020-04-16 12:29 ` xtraeme
  2020-04-16 12:31 ` travankor
                   ` (116 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:29 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 236 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614622203

Comment:
@Johnnynator this is not an issue! we can make both work at the same time, including mbedtls.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (24 preceding siblings ...)
  2020-04-16 12:29 ` xtraeme
@ 2020-04-16 12:31 ` travankor
  2020-04-16 12:32 ` xtraeme
                   ` (115 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:31 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 229 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623285

Comment:
@xtraeme What about bearssl? In the link you provided above, it resists the attacks.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (25 preceding siblings ...)
  2020-04-16 12:31 ` travankor
@ 2020-04-16 12:32 ` xtraeme
  2020-04-16 12:33 ` xtraeme
                   ` (114 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:32 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 240 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623665

Comment:
@Johnnynator hmm I would not do it this way. Each ssl implementation must depend on ca-certificates.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (26 preceding siblings ...)
  2020-04-16 12:32 ` xtraeme
@ 2020-04-16 12:33 ` xtraeme
  2020-04-16 12:34 ` travankor
                   ` (113 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:33 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623999

Comment:
@travankor well, you are free to use whatever you think is ok! I think having openssl is ok, as long as libressl is still an option!

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (27 preceding siblings ...)
  2020-04-16 12:33 ` xtraeme
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:34 ` travankor
                   ` (112 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 336 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623285

Comment:
> Anyway I've been thinking about it and maybe I'll switch xbps to use mbedtls. Not sure yet. So go ahead!

@xtraeme What about bearssl? In the link you provided above, it resists the attacks.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (28 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:34 ` travankor
                   ` (111 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 338 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623285

Comment:
>Anyway I've been thinking about it and maybe I'll switch xbps to use mbedtls. Not sure yet. So go ahead!

@xtraeme What about bearssl? In the link you provided above, it resists the attacks.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (29 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:34 ` travankor
                   ` (110 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 165 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614624541

Comment:
no, i meant for xbps

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (30 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:35 ` xtraeme
                   ` (109 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 192 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614624541

Comment:
no, i meant for xbps, as an alternative backend

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (31 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:35 ` xtraeme
  2020-04-16 12:35 ` xtraeme
                   ` (108 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 224 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614624871

Comment:
I haven't looked into it, but if xbps supports all alternatives it would be good.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (32 preceding siblings ...)
  2020-04-16 12:35 ` xtraeme
@ 2020-04-16 12:35 ` xtraeme
  2020-04-16 12:37 ` xtraeme
                   ` (107 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 238 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614625156

Comment:
right now xbps does not support openssl >= 1.1, so we are stuck with older openssl or libressl.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (33 preceding siblings ...)
  2020-04-16 12:35 ` xtraeme
@ 2020-04-16 12:37 ` xtraeme
  2020-04-16 12:40 ` Johnnynator
                   ` (106 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 232 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614625889

Comment:
in fact I haven't tried with openssl >= 1.1, but I think it would need minimal changes...

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (34 preceding siblings ...)
  2020-04-16 12:37 ` xtraeme
@ 2020-04-16 12:40 ` Johnnynator
  2020-04-16 12:40 ` Johnnynator
                   ` (105 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:40 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 647 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614627195

Comment:
> @Johnnynator hmm I would not do this way. Each ssl implementation must depend on ca-certificates.

Yes, all ssl implementations depend on ca-certs but ca-certs depends on only one SSL implementation.
But the update-ca-certificates script right now ONLY works with libressl. And the openssl command does not have a proper way of querying whether it is OpenSSL or LibreSSL. (It always exits with 0, even when the command was not found..., so I need to judge it by what is printed to stdout, argh...).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (35 preceding siblings ...)
  2020-04-16 12:40 ` Johnnynator
@ 2020-04-16 12:40 ` Johnnynator
  2020-04-16 12:42 ` Johnnynator
                   ` (104 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:40 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614627390

Comment:
> in fact I haven't tried with openssl >= 1.1, but I think it would need minimal changes...

XBPS did compile and run fine for me locally.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (36 preceding siblings ...)
  2020-04-16 12:40 ` Johnnynator
@ 2020-04-16 12:42 ` Johnnynator
  2020-04-16 12:43 ` xtraeme
                   ` (103 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:42 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 760 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614627195

Comment:
> @Johnnynator hmm I would not do this way. Each ssl implementation must depend on ca-certificates.

Yes, all ssl implementations depend on ca-certs but ca-certs depends on only one SSL implementation.
But the update-ca-certificates script right now ONLY works with libressl. And the openssl command does not have a proper way of querying whether it is OpenSSL or LibreSSL. (It always exits with 0, even when the command was not found..., so I need to judge it by what is printed to stdout, argh...).

Edit: correction, OpenSSL exits with `1` on invalid commands, LibreSSL is the one that always exits with `0`.

^ permalink raw reply	[flat|nested] 143+ messages in thread
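
Added example (not part of the thread or of Void's update-ca-certificates script): one way to tell the two toolkits apart from the first line of `openssl version` output instead of the exit status, which the comment above reports as unreliable. The function names and the stub commands standing in for real binaries are assumptions made for this illustration.

```shell
#!/bin/sh
# Identify the TLS toolkit behind an `openssl`-style command from its version
# banner. The exit status of the command is deliberately not consulted.

# classify_ssl_banner BANNER
# Prints "openssl", "libressl" or "unknown" for one banner line.
classify_ssl_banner() {
    case "$1" in
        "OpenSSL "[0-9]*)  echo openssl ;;
        "LibreSSL "[0-9]*) echo libressl ;;
        *)                 echo unknown ;;
    esac
}

# detect_ssl_impl [CMD]
# Prints the implementation name for CMD (default: openssl).
# Returns 0 only when the banner was recognised.
detect_ssl_impl() {
    cmd=${1:-openssl}

    # Resolve the command first, so a missing binary is never taken for a
    # working one regardless of what the shell or the tool reports later.
    if ! command -v "$cmd" >/dev/null 2>&1; then
        echo unknown
        return 1
    fi

    # Trust only the first line of stdout; stderr and exit status are ignored.
    banner=$("$cmd" version 2>/dev/null | head -n 1) || true

    impl=$(classify_ssl_banner "$banner")
    echo "$impl"
    [ "$impl" != unknown ]
}

# Constructed stand-ins for real binaries (illustration only). Their exit
# statuses are chosen to show that the detection does not depend on them.
fake_libressl() { echo "LibreSSL 3.0.2"; return 0; }
fake_openssl()  { echo "OpenSSL 1.1.1f  31 Mar 2020"; return 1; }

for c in fake_libressl fake_openssl no-such-openssl; do
    printf '%s -> %s\n' "$c" "$(detect_ssl_impl "$c" || true)"
done
```

A script that supports only one implementation can branch on the printed name and fail closed on `unknown`.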

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (37 preceding siblings ...)
  2020-04-16 12:42 ` Johnnynator
@ 2020-04-16 12:43 ` xtraeme
  2020-04-16 12:45 ` xtraeme
                   ` (102 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:43 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 366 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614628964

Comment:
@Johnnynator cool! I'll update the README then.

So I'm not against it, but what bothers me about openssl is the perl build dependency... it DOES matter while bootstrapping. I would take the alpine patch to get rid of it.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (38 preceding siblings ...)
  2020-04-16 12:43 ` xtraeme
@ 2020-04-16 12:45 ` xtraeme
  2020-04-16 12:45 ` xtraeme
                   ` (101 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:45 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 313 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614629821

Comment:
@Johnnynator we could use alternatives for the openssl command, and then use the specific impl cmd, i.e. for openssl "openssl", for libressl "openssl-libressl" or whatever.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (39 preceding siblings ...)
  2020-04-16 12:45 ` xtraeme
@ 2020-04-16 12:45 ` xtraeme
  2020-04-16 12:51 ` travankor
                   ` (100 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:45 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 314 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614629821

Comment:
@Johnnynator we could use alternatives for the openssl command, and then use the specific impl cmd, i.e. for openssl "openssl", for libressl "openssl-libressl" or whatever.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (40 preceding siblings ...)
  2020-04-16 12:45 ` xtraeme
@ 2020-04-16 12:51 ` travankor
  2020-04-16 12:52 ` travankor
                   ` (99 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:51 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 407 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614632896

Comment:
Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

My main issue is that libressl won't match the openssl 3.X/4.X/5.X API in the long run because the Apache license makes code-sharing difficult.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (41 preceding siblings ...)
  2020-04-16 12:51 ` travankor
@ 2020-04-16 12:52 ` travankor
  2020-04-16 12:53 ` xtraeme
                   ` (98 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:52 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 405 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614632896

Comment:
Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

My main issue is that libressl won't match the openssl 3.X/4.X/5.X API in the long run because the Apache license makes code-sharing difficult.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (42 preceding siblings ...)
  2020-04-16 12:52 ` travankor
@ 2020-04-16 12:53 ` xtraeme
  2020-04-16 12:53 ` Johnnynator
                   ` (97 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 12:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 210 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614633926

Comment:
@travankor they aren't API/ABI compatible for a long time anyway...

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (43 preceding siblings ...)
  2020-04-16 12:53 ` xtraeme
@ 2020-04-16 12:53 ` Johnnynator
  2020-04-16 12:54 ` Johnnynator
                   ` (96 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 962 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614633968

Comment:
> @Johnnynator we could use alternatives for the openssl command, and then use the specific impl cmd, i.e. for openssl "openssl", for libressl "openssl-libressl" or whatever.

Probably the most sane way, I will prepare it like that.
> @Johnnynator cool! I'll update the README then.
> 
> So I'm not against it, but what bothers me about openssl is the perl build dependency... it DOES matter while bootstrapping. I would take the alpine patch to get rid of it.

Alpine also needs perl for bootstrapping, and the perl `c_rehash` runtime script is not needed in our case, since our `ca-certificates` package is not using it, so we can simply ignore it. Also as q66 pointed out, we already have a few packages that need perl for bootstrapping (e.g. `glibc`, `gcc`), so I don't see an issue with OpenSSL needing it.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (44 preceding siblings ...)
  2020-04-16 12:53 ` Johnnynator
@ 2020-04-16 12:54 ` Johnnynator
  2020-04-16 12:55 ` travankor
                   ` (95 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 12:54 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 310 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614634371

Comment:
> Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

There are still significant gaps in the API.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (45 preceding siblings ...)
  2020-04-16 12:54 ` Johnnynator
@ 2020-04-16 12:55 ` travankor
  2020-04-16 12:58 ` travankor
                   ` (94 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614634855

Comment:
Is openssl needed right now?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (46 preceding siblings ...)
  2020-04-16 12:55 ` travankor
@ 2020-04-16 12:58 ` travankor
  2020-04-16 13:04 ` xtraeme
                   ` (93 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 12:58 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614636147

Comment:
@xtraeme Yep, they will be two separate libraries in the future.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (47 preceding siblings ...)
  2020-04-16 12:58 ` travankor
@ 2020-04-16 13:04 ` xtraeme
  2020-04-16 13:04 ` xtraeme
                   ` (92 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:04 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 355 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614639287

Comment:
I agree with two points in this PR:

- openssl contains ASM for some archs, i.e. faster than libressl.
- they don't break the ABI each 6 months.

I think those are two strong points to stick with openssl.



^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (48 preceding siblings ...)
  2020-04-16 13:04 ` xtraeme
@ 2020-04-16 13:04 ` xtraeme
  2020-04-16 13:05 ` xtraeme
                   ` (91 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:04 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 217 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614639597

Comment:
As long as they don't repeat another heartbleed again I'm all for it! rofl

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (49 preceding siblings ...)
  2020-04-16 13:04 ` xtraeme
@ 2020-04-16 13:05 ` xtraeme
  2020-04-16 13:06 ` travankor
                   ` (90 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:05 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 198 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614639794

Comment:
that's why I'm saying to keep libressl... just in case.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (50 preceding siblings ...)
  2020-04-16 13:05 ` xtraeme
@ 2020-04-16 13:06 ` travankor
  2020-04-16 13:07 ` q66
                   ` (89 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-16 13:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 191 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614640812

Comment:
stuff that uses libtls will need libressl, too

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (51 preceding siblings ...)
  2020-04-16 13:06 ` travankor
@ 2020-04-16 13:07 ` q66
  2020-04-16 13:09 ` q66
                   ` (88 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-16 13:07 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 499 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614641214

Comment:
Perl does *not* matter while bootstrapping, stop insisting that it does. I still don't see any reason to package both of them either, as @Johnnynator said it would require libarchive to be built against it and complicate everything. The "just in case" argument doesn't make any sense, *either of them* could mess up something and you have no way to know which.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (52 preceding siblings ...)
  2020-04-16 13:07 ` q66
@ 2020-04-16 13:09 ` q66
  2020-04-16 13:11 ` xtraeme
                   ` (87 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-16 13:09 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 281 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614642146

Comment:
Does anything actually use libtls? Since it's a libressl specific api and most distros don't package it at all, I don't think we need to worry

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (53 preceding siblings ...)
  2020-04-16 13:09 ` q66
@ 2020-04-16 13:11 ` xtraeme
  2020-04-16 13:12 ` xtraeme
                   ` (86 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 561 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614643370

Comment:
```
[juan@leysa ~]$ xbps-query -Rs libtls.so -p shlib-requires
acme-client-0.1.16_4: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
libressl-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
libressl-netcat-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
openntpd-6.2p3_5: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
s6-networking-2.3.1.2_1: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
[juan@leysa ~]$
```

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (54 preceding siblings ...)
  2020-04-16 13:11 ` xtraeme
@ 2020-04-16 13:12 ` xtraeme
  2020-04-16 13:15 ` xtraeme
                   ` (85 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:12 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 220 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614644087

Comment:
@q66 I'm aware of perl in bootstrap. But in the musl case it's not necessary!

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (55 preceding siblings ...)
  2020-04-16 13:12 ` xtraeme
@ 2020-04-16 13:15 ` xtraeme
  2020-04-16 13:15 ` q66
                   ` (84 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:15 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 248 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614645464

Comment:
Note that libarchive does only need openssl for libcrypto (shaXXX and related) not anything from SSL/TLS.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (56 preceding siblings ...)
  2020-04-16 13:15 ` xtraeme
@ 2020-04-16 13:15 ` q66
  2020-04-16 13:18 ` xtraeme
                   ` (83 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-16 13:15 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 187 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614645489

Comment:
It is, since coreutils needs it, as well as GCC.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (57 preceding siblings ...)
  2020-04-16 13:15 ` q66
@ 2020-04-16 13:18 ` xtraeme
  2020-04-16 13:18 ` xtraeme
                   ` (82 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 620 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614646888

Comment:
@q66 perl is only required in coreutils to run the test suite.

```
# The test suite needs to know if we have a working perl.
# FIXME: this is suboptimal.  Ideally, we would be able to call gl_PERL
# with an ACTION-IF-NOT-FOUND argument ...
cu_have_perl=yes
case $PERL in *"/missing "*) cu_have_perl=no;; esac
 if test $cu_have_perl = yes; then
  HAVE_PERL_TRUE=
  HAVE_PERL_FALSE='#'
else
  HAVE_PERL_TRUE='#'
  HAVE_PERL_FALSE=
fi
```
from coreutils configure

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (58 preceding siblings ...)
  2020-04-16 13:18 ` xtraeme
@ 2020-04-16 13:18 ` xtraeme
  2020-04-16 13:19 ` q66
                   ` (81 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 205 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614647058

Comment:
@q66 GCC only requires perl due to texinfo, which is optional!

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (59 preceding siblings ...)
  2020-04-16 13:18 ` xtraeme
@ 2020-04-16 13:19 ` q66
  2020-04-16 13:21 ` xtraeme
                   ` (80 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-16 13:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 427 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614647425

Comment:
Libcrypto contains the majority of the asm acceleration code, including for sha*. Wrt libtls: so... other openbsd projects (duh) - I doubt it'd be required, as e.g. Debian packages openntpd without libressl, and s6-networking, which can also use bearssl, which is a better choice either way.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (60 preceding siblings ...)
  2020-04-16 13:19 ` q66
@ 2020-04-16 13:21 ` xtraeme
  2020-04-16 13:21 ` q66
                   ` (79 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:21 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 450 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614648946

Comment:
@q66 I'm not against this at all! not sure what's your point.

@Johnnynator already tried xbps with openssl >= 1.1 and it's ok, so it's ok for me too.

I was only mentioning the fact that openssl needs perl to build. But as you said, we require perl for bootstrapping so it's not an issue.

+1 from me

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (61 preceding siblings ...)
  2020-04-16 13:21 ` xtraeme
@ 2020-04-16 13:21 ` q66
  2020-04-16 13:23 ` xtraeme
                   ` (78 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-16 13:21 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614649016

Comment:
Anyway, openssl needs Perl for good reasons, it uses it to deal with processing the assembly code for different targets. Libressl was only able to rip it out because they ripped out the asm

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (62 preceding siblings ...)
  2020-04-16 13:21 ` q66
@ 2020-04-16 13:23 ` xtraeme
  2020-04-16 13:24 ` q66
                   ` (77 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:23 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 252 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614650064

Comment:
Alpine had a C implementation to get rid of perl in openssl in the past... not sure if this is true nowadays.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (63 preceding siblings ...)
  2020-04-16 13:23 ` xtraeme
@ 2020-04-16 13:24 ` q66
  2020-04-16 13:26 ` Johnnynator
                   ` (76 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-16 13:24 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 164 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614650677

Comment:
C implementation of what?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (64 preceding siblings ...)
  2020-04-16 13:24 ` q66
@ 2020-04-16 13:26 ` Johnnynator
  2020-04-16 13:28 ` q66
                   ` (75 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Johnnynator @ 2020-04-16 13:26 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 309 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614651420

Comment:
They still have a C implementation of `c_rehash` but as I said, it is not really needed and we can ignore it, since we use the debian ca_certificates update script.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (65 preceding siblings ...)
  2020-04-16 13:26 ` Johnnynator
@ 2020-04-16 13:28 ` q66
  2020-04-16 13:33 ` xtraeme
                   ` (74 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-16 13:28 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 388 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614653071

Comment:
There are much worse bootstrap dependencies we could have than Perl anyway, as far as I know Perl has never been problematic on anything, has been around for decades and is completely portable. And pretty much every single distro out there ships it.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (66 preceding siblings ...)
  2020-04-16 13:28 ` q66
@ 2020-04-16 13:33 ` xtraeme
  2020-04-16 13:33 ` xtraeme
                   ` (73 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:33 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 278 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614655698

Comment:
perl portable? sure, but only for native builds! it took me a while to figure out cross compilation way before perl-cross existed! ROFL

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (67 preceding siblings ...)
  2020-04-16 13:33 ` xtraeme
@ 2020-04-16 13:33 ` xtraeme
  2020-04-16 13:35 ` xtraeme
                   ` (72 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:33 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 213 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614656000

Comment:
@q66 just take a look at void-packages git logs to see all my changes!

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (68 preceding siblings ...)
  2020-04-16 13:33 ` xtraeme
@ 2020-04-16 13:35 ` xtraeme
  2020-04-16 13:37 ` xtraeme
                   ` (71 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 388 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614657182

Comment:
```
[juan@leysa void-packages]$ git shortlog -sn|head -5
 35726	Juan RP
 11076	maxice8
  8004	Leah Neukirchen
  6412	Michael Gehring
  6328	Enno Boland
[juan@leysa void-packages]$
```
There's a reason why I've got 35K commits, you know!

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (69 preceding siblings ...)
  2020-04-16 13:35 ` xtraeme
@ 2020-04-16 13:37 ` xtraeme
  2020-04-17  6:18 ` Ypnose
                   ` (70 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-16 13:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 210 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614658237

Comment:
Anyway I'll stop with this thread.

+1 to switch to openssl again

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (70 preceding siblings ...)
  2020-04-16 13:37 ` xtraeme
@ 2020-04-17  6:18 ` Ypnose
  2020-04-17  6:18 ` Ypnose
                   ` (69 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Ypnose @ 2020-04-17  6:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 429 bytes --]

New comment by Ypnose on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-615064925

Comment:
I'm no longer a package maintainer, but from a user perspective `libressl` is sometimes painful when specific `openssl` options are needed and not included. There is an example here: https://github.com/libressl-portable/portable/issues/544
If it can save maintainers time, go for it.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (71 preceding siblings ...)
  2020-04-17  6:18 ` Ypnose
@ 2020-04-17  6:18 ` Ypnose
  2020-04-17 10:06 ` travankor
                   ` (68 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Ypnose @ 2020-04-17  6:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 428 bytes --]

New comment by Ypnose on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-615064925

Comment:
I'm no longer a package maintainer, but from a user perspective `libressl` is sometimes painful when specific `openssl` options are needed and not included. There is an example here: https://github.com/libressl-portable/portable/issues/544
If it can save maintainers time, go for it.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (72 preceding siblings ...)
  2020-04-17  6:18 ` Ypnose
@ 2020-04-17 10:06 ` travankor
  2020-04-17 10:06 ` travankor
                   ` (67 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-17 10:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 405 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614632896

Comment:
Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

My main issue is that libressl won't match the openssl 3.X/4.X/5.X API in the long run because the Apache license makes code-sharing difficult.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (73 preceding siblings ...)
  2020-04-17 10:06 ` travankor
@ 2020-04-17 10:06 ` travankor
  2020-04-17 10:06 ` travankor
                   ` (66 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-17 10:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614634855

Comment:
Is openssl needed right now?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (74 preceding siblings ...)
  2020-04-17 10:06 ` travankor
@ 2020-04-17 10:06 ` travankor
  2020-04-17 14:54 ` mobinmob
                   ` (65 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-17 10:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614636147

Comment:
@xtraeme Yep, they will be two separate libraries in the future.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (75 preceding siblings ...)
  2020-04-17 10:06 ` travankor
@ 2020-04-17 14:54 ` mobinmob
  2020-04-21 21:35 ` howtologinquickwiththirtyninecharacters
                   ` (64 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: mobinmob @ 2020-04-17 14:54 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 935 bytes --]

New comment by mobinmob on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-615290027

Comment:
> ```
> [juan@leysa ~]$ xbps-query -Rs libtls.so -p shlib-requires
> acme-client-0.1.16_4: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> libressl-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> libressl-netcat-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> openntpd-6.2p3_5: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> s6-networking-2.3.1.2_1: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> [juan@leysa ~]$
> ```

s6-networking works with bearssl. Upstream [marks bearssl support as beta](https://skarnet.org/software/s6-networking/) but both [Alpine](https://git.alpinelinux.org/aports/tree/main/s6-networking/APKBUILD?id=0ac87b7fb4b8e4e3717e3611107fc463c8dd261b) and [Adelie](https://code.foxkit.us/adelie/packages/blob/master/user/s6-networking/APKBUILD) use it.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (76 preceding siblings ...)
  2020-04-17 14:54 ` mobinmob
@ 2020-04-21 21:35 ` howtologinquickwiththirtyninecharacters
  2020-04-22 12:16 ` Hoshpak
                   ` (63 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: howtologinquickwiththirtyninecharacters @ 2020-04-21 21:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 465 bytes --]

New comment by howtologinquickwiththirtyninecharacters on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617426990

Comment:
@Johnnynator you may want to update your package to 1.1.1g, versions d, e and f are affected by [this vulnerability](https://www.openssl.org/news/secadv/20200421.txt). (Is this the right place to comment on this or should I have commented on the New package request? I'm still new to this).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (77 preceding siblings ...)
  2020-04-21 21:35 ` howtologinquickwiththirtyninecharacters
@ 2020-04-22 12:16 ` Hoshpak
  2020-04-22 12:19 ` xtraeme
                   ` (62 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Hoshpak @ 2020-04-22 12:16 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 371 bytes --]

New comment by Hoshpak on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617743521

Comment:
The version remark would have been better in the PR; however, the vulnerability itself is highly relevant to this discussion, since the number of vulnerabilities in each library is an important decision criterion for a TLS library.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (78 preceding siblings ...)
  2020-04-22 12:16 ` Hoshpak
@ 2020-04-22 12:19 ` xtraeme
  2020-04-22 15:05 ` q66
                   ` (61 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: xtraeme @ 2020-04-22 12:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 252 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617744964

Comment:
What @Hoshpak said. I still think that libressl has fewer vulnerabilities, maybe due to slower release date...

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (79 preceding siblings ...)
  2020-04-22 12:19 ` xtraeme
@ 2020-04-22 15:05 ` q66
  2020-04-23  2:36 ` the-maldridge
                   ` (60 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-22 15:05 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 218 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617836159

Comment:
All software has vulnerabilities. I seriously doubt libressl has fewer of them.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (80 preceding siblings ...)
  2020-04-22 15:05 ` q66
@ 2020-04-23  2:36 ` the-maldridge
  2020-04-23  3:35 ` eli-schwartz
                   ` (59 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: the-maldridge @ 2020-04-23  2:36 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 629 bytes --]

New comment by the-maldridge on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618141960

Comment:
My 2 cents.  I am opposed to software monocultures, they stifle attempts to produce new and better implementations and tend to breed discontent among developers that wish to do something different.

If we were to accept OpenSSL I would recommend doing so in the same way we have gcompat.  It can be used in places where there is need for its specific interface, but otherwise not.  My preferred SSL implementation is BoringSSL, though it is unsuitable for use in a distribution.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (81 preceding siblings ...)
  2020-04-23  2:36 ` the-maldridge
@ 2020-04-23  3:35 ` eli-schwartz
  2020-04-23  4:43 ` constptr
                   ` (58 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: eli-schwartz @ 2020-04-23  3:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1178 bytes --]

New comment by eli-schwartz on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618157192

Comment:
> Alpine also needs perl for bootstrapping, and the perl `c_rehash` runtime script is not needed in our case, since our `ca-certificates` package is not using it, so we can simply ignore it.

> They still have a C implementation of `c_rehash` but as I said, it is not really needed and we can ignore it, since we use the debian ca_certificates update script.

Note that there's probably never a good excuse to use c_rehash at all, whether you use the debian ca_certificates script or not... because https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html

tl;dr `/usr/bin/openssl rehash` and `/usr/bin/c_rehash` do the same thing, one in C and one in perl. It's unclear when you'd ever want to use the latter, and I think you might be hard-pressed to find software which invokes it. Someone tried to rewrite it in bash and PR it to openssl, but the PR was closed as "perl is easier to build on OpenVMS, that being said we might be able to just drop it entirely since you should just use the openssl app's rehash command".

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (82 preceding siblings ...)
  2020-04-23  3:35 ` eli-schwartz
@ 2020-04-23  4:43 ` constptr
  2020-04-23  7:59 ` fosslinux
                   ` (57 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: constptr @ 2020-04-23  4:43 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

New comment by constptr on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618174090

Comment:
I am not experienced/eligible to comment, but what about alternative SSL implementations like wolfssl (claims openssl compatibility) and GNU-TLS?

Openssl can avoid much manual patching though.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (83 preceding siblings ...)
  2020-04-23  4:43 ` constptr
@ 2020-04-23  7:59 ` fosslinux
  2020-04-23  8:23 ` travankor
                   ` (56 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: fosslinux @ 2020-04-23  7:59 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 3705 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618245112

Comment:
I agree with @the-maldridge, after some hard thinking and a discussion on IRC.

I'm not really concerned about OpenSSL in the repositories.

However, LibreSSL should be of first-class support, and OpenSSL should only be used where necessary for maintainability (eg, qt5). IMO, OpenSSL shouldn't be in the base system - xbps should stay with LibreSSL; no real reason to move it off it.

Saying all this, it is essential that the maintainers come to a decision how OpenSSL should be used **before it is merged**, and what will happen to LibreSSL (once again, I will strongly advocate for LibreSSL not being removed - rather still being first-class).

I see a number of options, ranked from most LibreSSL to most OpenSSL.

_No OpenSSL_

1. Do not merge OpenSSL.

_User choice, first-class support for LibreSSL; OpenSSL not well supported_

2. Merge OpenSSL, but do not have any packages depend upon it. Have it as a choice. Maintain full compatibility with LibreSSL, but don't require current packages to support OpenSSL. Do not include OpenSSL in the base system (default LibreSSL).

_User choice, first-class support for both_

3. Merge OpenSSL, but do not have any packages depend upon it. Have it as a choice. Maintain full compatibility with LibreSSL; quickly ensure all current packages to support OpenSSL. Do not include OpenSSL in the base system (default LibreSSL).

_Maintainer choice, but LibreSSL for base system_

4. Merge OpenSSL. Allow packages to depend upon it, and optionally drop LibreSSL specific patches. Packages will pull in either of OpenSSL or LibreSSL as required. Both could be installed on the same system. However, base packages should only include LibreSSL. Do not include OpenSSL in the base system.

_Maintainer choice, including base system - both in base system_

5. Merge OpenSSL. Allow packages to depend upon it, and optionally drop LibreSSL specific patches. Packages, including base packages, are allowed to pull in either of OpenSSL or LibreSSL as required. Both could be installed on the same system - and both will be installed as part of the base system.

_Maintainer choice, but OpenSSL for base system_

6. Merge OpenSSL. Convert all base system packages to use OpenSSL only (including xbps).  Allow packages to depend upon it, and optionally drop LibreSSL specific patches. Base system should only use OpenSSL. Both could be installed on the same system, but only OpenSSL will be in the base system. Maintainers can still choose to use LibreSSL, and most software can continue to do so (ex. base system).

_User choice, first-class support for OpenSSL; LibreSSL not well supported_

7. Merge OpenSSL. Convert all base system packages to use OpenSSL only (including xbps). All packages must work with OpenSSL - make this a priority - but not all have to work with LibreSSL. Include OpenSSL in the base system, and make it the default. Maintainers must use OpenSSL.

_OpenSSL only; no LibreSSL_

8. Merge OpenSSL. Convert all packages to use OpenSSL only. All packages must work with OpenSSL. Roadmap for LibreSSL to be removed from the repositories.

6 is likely to end up at 7 eventually.

I, personally, would hate 7 or 8. My opinion is 4. 3 and 5 would create too much maintainer work, 6 would lead to an extreme drop of support of LibreSSL in general, and would eventually lead to 7. 1, 2 and 3 I would also be happy with (but 3 would create poor maintainership).

I would strongly recommend against 2 and 7 because all it's going to add is complex, dodgy code, broken software, and worse packaging.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (84 preceding siblings ...)
  2020-04-23  7:59 ` fosslinux
@ 2020-04-23  8:23 ` travankor
  2020-04-23 10:25 ` Duncaen
                   ` (55 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-04-23  8:23 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 615 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software (ie: haskell ssl library keeps breaking with libressl) and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (85 preceding siblings ...)
  2020-04-23  8:23 ` travankor
@ 2020-04-23 10:25 ` Duncaen
  2020-04-23 10:29 ` Duncaen
                   ` (54 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Duncaen @ 2020-04-23 10:25 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 255 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618319932

Comment:
Running both is not an option; all reverse dependencies need to use the same one, otherwise we get runtime errors.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (86 preceding siblings ...)
  2020-04-23 10:25 ` Duncaen
@ 2020-04-23 10:29 ` Duncaen
  2020-04-23 11:19 ` q66
                   ` (53 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Duncaen @ 2020-04-23 10:29 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 396 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618319932

Comment:
Running both is not an option; all reverse dependencies need to use the same one, otherwise we get runtime errors.

Edit: Excluding the few limited cases that require libtls. A per package decision on using libressl or openssl is a logistical nightmare.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (87 preceding siblings ...)
  2020-04-23 10:29 ` Duncaen
@ 2020-04-23 11:19 ` q66
  2020-04-23 11:20 ` constptr
                   ` (52 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-23 11:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 345 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618344090

Comment:
Mixing libressl and openssl in one system is a recipe for disaster as they share symbols.

Also, sticking primarily with libressl does not solve the problem of the experience being poor outside of x86_64.

^ permalink raw reply	[flat|nested] 143+ messages in thread
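
The concern in the two comments above (every reverse dependency must use the same library, because libressl and openssl share symbols) can be checked mechanically from package metadata. The following is an added example, not code from this thread or from Void's tooling: it parses listings in the `pkgver: soname (repository)` layout of the `xbps-query ... -p shlib-requires` output quoted earlier, walks each package's transitive shared-library closure, and reports packages whose closure contains two different sonames of the same library. It assumes `-p shlib-provides` output has the same layout; the packages `demo-app`, `libalpha`, `libbeta`, `openssl-1.1.1g_1` and the `libssl`/`libcrypto` soname numbers are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample listings (only the acme-client and libressl libtls.so.19
# lines come from the thread; everything else is hypothetical).
SHLIB_REQUIRES = """\
demo-app-1.0_1: libalpha.so.1 (/repo)
demo-app-1.0_1: libbeta.so.2 (/repo)
libalpha-1.0_1: libssl.so.1.1 (/repo)
libalpha-1.0_1: libcrypto.so.1.1 (/repo)
libbeta-2.0_1: libssl.so.47 (/repo)
libbeta-2.0_1: libcrypto.so.45 (/repo)
acme-client-0.1.16_4: libtls.so.19 (/repo)
libressl-3.0.2_2: libtls.so.19 (/repo)
"""

SHLIB_PROVIDES = """\
libalpha-1.0_1: libalpha.so.1 (/repo)
libbeta-2.0_1: libbeta.so.2 (/repo)
openssl-1.1.1g_1: libssl.so.1.1 (/repo)
openssl-1.1.1g_1: libcrypto.so.1.1 (/repo)
libressl-3.0.2_2: libssl.so.47 (/repo)
libressl-3.0.2_2: libcrypto.so.45 (/repo)
libressl-3.0.2_2: libtls.so.19 (/repo)
"""

# "pkgver: soname" with an optional "(repository)" suffix; shell prompt
# lines and blanks do not match and are skipped.
LINE = re.compile(r"^(\S+):\s+(\S+)(?:\s+\(.*\))?\s*$")


def parse(listing):
    """Return {pkgver: set(sonames)} for one listing."""
    result = defaultdict(set)
    for line in listing.splitlines():
        match = LINE.match(line)
        if match:
            result[match.group(1)].add(match.group(2))
    return dict(result)


def provider_index(provides):
    """Invert {pkgver: sonames} into {soname: pkgver}."""
    return {so: pkg for pkg, sonames in provides.items() for so in sonames}


def loaded_sonames(pkg, requires, provided_by):
    """All sonames the dynamic loader would map for pkg, transitively."""
    seen, queue = set(), list(requires.get(pkg, ()))
    while queue:
        soname = queue.pop()
        if soname in seen:
            continue
        seen.add(soname)
        owner = provided_by.get(soname)
        if owner is not None:
            queue.extend(requires.get(owner, ()))
    return seen


def conflicts(pkg, requires, provided_by):
    """Libraries present in pkg's closure under more than one soname."""
    by_stem = defaultdict(set)
    for soname in loaded_sonames(pkg, requires, provided_by):
        by_stem[soname.split(".so")[0]].add(soname)
    return {stem: sorted(v) for stem, v in by_stem.items() if len(v) > 1}


def audit(requires, provided_by):
    """Return {pkgver: conflicts} for every package that has any."""
    report = {}
    for pkg in requires:
        found = conflicts(pkg, requires, provided_by)
        if found:
            report[pkg] = found
    return report


REQUIRES = parse(SHLIB_REQUIRES)
PROVIDED_BY = provider_index(parse(SHLIB_PROVIDES))

if __name__ == "__main__":
    for pkg, found in audit(REQUIRES, PROVIDED_BY).items():
        for stem, sonames in sorted(found.items()):
            print(f"{pkg}: {stem} loaded as {' and '.join(sonames)}")
```

Only `demo-app` is flagged: neither of its direct dependencies is wrong on its own, but together they pull both `libcrypto` builds into one process, which is the per-package-choice failure described above.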

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (88 preceding siblings ...)
  2020-04-23 11:19 ` q66
@ 2020-04-23 11:20 ` constptr
  2020-04-24  6:34 ` Ypnose
                   ` (51 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: constptr @ 2020-04-23 11:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

New comment by constptr on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618174090

Comment:
I am not experienced/eligible to comment, but what about alternative SSL implementations like wolfssl (claims openssl compatibility) and GNU-TLS?

Openssl can avoid much manual patching though.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (89 preceding siblings ...)
  2020-04-23 11:20 ` constptr
@ 2020-04-24  6:34 ` Ypnose
  2020-04-24  7:32 ` the-maldridge
                   ` (50 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Ypnose @ 2020-04-24  6:34 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 182 bytes --]

New comment by Ypnose on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618830213

Comment:
Please, can you elaborate on your comment?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (90 preceding siblings ...)
  2020-04-24  6:34 ` Ypnose
@ 2020-04-24  7:32 ` the-maldridge
  2020-04-24 14:01 ` q66
                   ` (49 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: the-maldridge @ 2020-04-24  7:32 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 612 bytes --]

New comment by the-maldridge on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618853743

Comment:
I believe q66 is referring to openssl containing large amounts of hand optimized assembly for both modern and long dead platforms which accelerates certain arithmetic functions.  LibreSSL works primarily on x86_64.

Perhaps a better question to ask about this is why Void is seeing poor performance on non-x86 platforms.  OpenBSD builds on a number of different targets, and there aren't reports of poor performance that I'm aware of from a very cursory search.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (91 preceding siblings ...)
  2020-04-24  7:32 ` the-maldridge
@ 2020-04-24 14:01 ` q66
  2020-04-24 16:48 ` q66
                   ` (48 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-24 14:01 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 706 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-619029088

Comment:
@the-maldridge It's not just about hand optimized, it's also about access to hardware crypto, which libressl outside of x86_64 does not have, which results in significantly poorer throughput

1) openbsd builds a lot fewer targets than Linux, e.g. they don't have 64-bit ppc of any kind
2) people using openbsd don't care about performance a whole lot, e.g. there is still no reasonable SMP in openbsd
3) openbsd still uses the perl infra from openssl to generate asm for targets they build, while libressl-portable just has the x86_64 ones generated ahead of time

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (92 preceding siblings ...)
  2020-04-24 14:01 ` q66
@ 2020-04-24 16:48 ` q66
  2020-04-27 20:31 ` Vaelatern
                   ` (47 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-04-24 16:48 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 309 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-619125471

Comment:
I ran some tests on ppc64le for comparison: https://gist.githubusercontent.com/q66/4f4dc63565cdfafb10c6dde1d3067648/raw/8d2243c22324212af35d3133455c0c7067ab088f/bench.txt

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (93 preceding siblings ...)
  2020-04-24 16:48 ` q66
@ 2020-04-27 20:31 ` Vaelatern
  2020-04-30 21:38 ` CameronNemo
                   ` (46 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Vaelatern @ 2020-04-27 20:31 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 698 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-620217990

Comment:
Should note that dfly, an OS that cares a lot about SMP, does use libressl, but they are only x86_64.

It may be that openssl is no longer the tire fire it was when Void Linux switched. More importantly, it may be that adoption of OpenSSL is more in line with Void's philosophy than staying on LibreSSL.

But there is about to be a new LibreSSL release. I'd propose that we wait for that release and the rebuild following before we make a decision, to see if things are better or diverging openssl and libressl APIs are making things so much worse.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (94 preceding siblings ...)
  2020-04-27 20:31 ` Vaelatern
@ 2020-04-30 21:38 ` CameronNemo
  2020-05-01 17:59 ` marmeladema
                   ` (45 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: CameronNemo @ 2020-04-30 21:38 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 272 bytes --]

New comment by CameronNemo on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-622128466

Comment:
Regarding libtls, we may have an option in this library (note: I have not vetted this):

https://sr.ht/~mcf/libtls-bearssl/

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (95 preceding siblings ...)
  2020-04-30 21:38 ` CameronNemo
@ 2020-05-01 17:59 ` marmeladema
  2020-05-01 18:08 ` marmeladema
                   ` (44 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: marmeladema @ 2020-05-01 17:59 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 428 bytes --]

New comment by marmeladema on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-622494812

Comment:
By the way, new release of LibreSSL is out since early April:
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0-relnotes.txt
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz.asc

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (96 preceding siblings ...)
  2020-05-01 17:59 ` marmeladema
@ 2020-05-01 18:08 ` marmeladema
  2020-05-04  3:56 ` concatime
                   ` (43 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: marmeladema @ 2020-05-01 18:08 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 502 bytes --]

New comment by marmeladema on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-622494812

Comment:
By the way, new release of LibreSSL is out since early April:
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0-relnotes.txt
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz.asc

Well ... apparently it's not a stable version. Sorry for the confusion.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (97 preceding siblings ...)
  2020-05-01 18:08 ` marmeladema
@ 2020-05-04  3:56 ` concatime
  2020-05-04  3:56 ` concatime
                   ` (42 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: concatime @ 2020-05-04  3:56 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245515

Comment:
@travankor, from the [link](), BearSSL does NOT implement TLS1.3

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (98 preceding siblings ...)
  2020-05-04  3:56 ` concatime
@ 2020-05-04  3:56 ` concatime
  2020-05-04  3:58 ` concatime
                   ` (41 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: concatime @ 2020-05-04  3:56 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245515

Comment:
@travankor, from the [link](), BearSSL does NOT implement TLS1.3

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (99 preceding siblings ...)
  2020-05-04  3:56 ` concatime
@ 2020-05-04  3:58 ` concatime
  2020-05-04  4:00 ` concatime
                   ` (40 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: concatime @ 2020-05-04  3:58 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 387 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245866

Comment:
(https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/)
@travankor, to be fair, BearSSL does [NOT](//bearssl.org/tls13.html) implement TLS 1.3.


^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (100 preceding siblings ...)
  2020-05-04  3:58 ` concatime
@ 2020-05-04  4:00 ` concatime
  2020-05-04 12:28 ` travankor
                   ` (39 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: concatime @ 2020-05-04  4:00 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 479 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245866

Comment:
(https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/)
@travankor, to be fair, BearSSL does [NOT](//bearssl.org/tls13.html) implement TLS 1.3.

It would have been cool if they also tested [MatrixSSL](//github.com/matrixssl/matrixssl).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (101 preceding siblings ...)
  2020-05-04  4:00 ` concatime
@ 2020-05-04 12:28 ` travankor
  2020-05-15 19:48 ` imrn
                   ` (38 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: travankor @ 2020-05-04 12:28 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 395 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623434182

Comment:
@concatime I only suggested to xtraeme that he considers a bearssl backend for xbps. Since he's gone, it's up to the community to decide.

I doubt anyone would port xbps to MatrixSSL, given that it changes the effective license of the derived work.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (102 preceding siblings ...)
  2020-05-04 12:28 ` travankor
@ 2020-05-15 19:48 ` imrn
  2020-05-15 20:55 ` Vaelatern
                   ` (37 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: imrn @ 2020-05-15 19:48 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 190 bytes --]

New comment by imrn on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-629448469

Comment:
#21994: Is it related with libressl? Any comments?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (103 preceding siblings ...)
  2020-05-15 19:48 ` imrn
@ 2020-05-15 20:55 ` Vaelatern
  2020-05-15 20:55 ` Vaelatern
                   ` (36 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Vaelatern @ 2020-05-15 20:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 163 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-629478596

Comment:
@imrn not related.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (104 preceding siblings ...)
  2020-05-15 20:55 ` Vaelatern
@ 2020-05-15 20:55 ` Vaelatern
  2020-07-30 15:02 ` marmeladema
                   ` (35 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Vaelatern @ 2020-05-15 20:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 172 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-629478596

Comment:
@imrn probably not related.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (105 preceding siblings ...)
  2020-05-15 20:55 ` Vaelatern
@ 2020-07-30 15:02 ` marmeladema
  2020-07-31  0:34 ` fosslinux
                   ` (34 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: marmeladema @ 2020-07-30 15:02 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 443 bytes --]

New comment by marmeladema on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-666429462

Comment:
Has any consensus been reached?
On a personal note, I am starting to struggle using Void Linux on a daily basis because more and more things rely on recent protocols/algorithms not provided by libressl. For example, I have to either build openssl/cURL myself or rely on a docker version of cURL.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (106 preceding siblings ...)
  2020-07-30 15:02 ` marmeladema
@ 2020-07-31  0:34 ` fosslinux
  2020-08-09  7:37 ` bugcrazy
                   ` (33 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: fosslinux @ 2020-07-31  0:34 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-666828682

Comment:
What is the issue with cURL?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (107 preceding siblings ...)
  2020-07-31  0:34 ` fosslinux
@ 2020-08-09  7:37 ` bugcrazy
  2020-08-09  9:40 ` Duncaen
                   ` (32 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: bugcrazy @ 2020-08-09  7:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 898 bytes --]

New comment by bugcrazy on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671019011

Comment:
OpenSSL has a lot of legacy OS discontinued, quantity of developers in OpenSSL does not mean quality in the code, OpenSSL has a design problem, it is susceptible to serious flaws, not that LibreSSL has no vulnerabilities, but it has cleaner code and with a focus on safety. This link shows that LibreSSL has more development than https://cpp.libhunt.com/compare-openssl-vs-libressl

Here on this Gentoo link that has a LibreSSL port project, which has patches and fixes to ensure software compatibility with LibreSSL. https://gitweb.gentoo.org/repo/proj/libressl.git

In this old link, it compares OpenSSL vs LibreSSL, showing how security is applied in LibreSSL code.
https://resources.infosecinstitute.com/libressl-the-secure-openssl-alternative/

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (108 preceding siblings ...)
  2020-08-09  7:37 ` bugcrazy
@ 2020-08-09  9:40 ` Duncaen
  2020-08-09  9:41 ` Duncaen
                   ` (31 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Duncaen @ 2020-08-09  9:40 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 826 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671030539

Comment:
> This link shows that LibreSSL has more development than https://cpp.libhunt.com/compare-openssl-vs-libressl

https://github.com/openssl/openssl/graphs/commit-activity
https://github.com/libressl-portable/portable/graphs/commit-activity

> Here on this Gentoo link that has a LibreSSL port project, which has patches and fixes to ensure software compatibility with LibreSSL. https://gitweb.gentoo.org/repo/proj/libressl.git

Those are 3 people with like 30 commits this year.
Who do exactly the same as the Void Team just at a smaller scale, they are not magically more competent or better. I would argue that their patches are a lot less used than Void's package repository.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (109 preceding siblings ...)
  2020-08-09  9:40 ` Duncaen
@ 2020-08-09  9:41 ` Duncaen
  2020-08-09 23:06 ` fosslinux
                   ` (30 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Duncaen @ 2020-08-09  9:41 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671030539

Comment:
> This link shows that LibreSSL has more development than https://cpp.libhunt.com/compare-openssl-vs-libressl

https://github.com/openssl/openssl/graphs/commit-activity
https://github.com/libressl-portable/portable/graphs/commit-activity

> Here on this Gentoo link that has a LibreSSL port project, which has patches and fixes to ensure software compatibility with LibreSSL. https://gitweb.gentoo.org/repo/proj/libressl.git

Those are 3 people with like 30 commits this year.
They do exactly the same as the Void Team just at a smaller scale, they are not magically more competent or better. I would argue that their patches are a lot less used than Void's package repository.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (110 preceding siblings ...)
  2020-08-09  9:41 ` Duncaen
@ 2020-08-09 23:06 ` fosslinux
  2020-08-09 23:06 ` fosslinux
                   ` (29 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: fosslinux @ 2020-08-09 23:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1234 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671111760

Comment:
> This link shows that LibreSSL has more development than https://cpp.libhunt.com/compare-openssl-vs-libressl

Untrue, look at commit histories.

> In this **old** link, it compares OpenSSL vs LibreSSL, showing how security is applied in LibreSSL code.
https://resources.infosecinstitute.com/libressl-the-secure-openssl-alternative/
> OpenSSL has a design problem, it is susceptible to serious flaws
(emphasis mine); yes, it is old, and that's the problem. OpenSSL's codebase quality and security auditing has increased greatly in the last 5 years. I would have agreed with you some time ago. Nowadays, LibreSSL gets much less auditing, has much fewer developers working on LibreSSL-portable, and has far less architecture support.

> quantity of developers in OpenSSL does not mean quality in the code
I agree, but it does mean that something has to lose attention. Often, this is performance, or architecture support, and even build support/code quality (especially in libressl-portable), as @q66 can attest to.
> OpenSSL has a lot of legacy OS discontinued
Care to elaborate?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (111 preceding siblings ...)
  2020-08-09 23:06 ` fosslinux
@ 2020-08-09 23:06 ` fosslinux
  2020-08-11  7:07 ` bugcrazy
                   ` (28 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: fosslinux @ 2020-08-09 23:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1242 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671111760

Comment:
> This link shows that LibreSSL has more development than https://cpp.libhunt.com/compare-openssl-vs-libressl

Untrue, look at commit histories.

> In this **old** link, it compares OpenSSL vs LibreSSL, showing how security is applied in LibreSSL code.
https://resources.infosecinstitute.com/libressl-the-secure-openssl-alternative/
> OpenSSL has a design problem, it is susceptible to serious flaws

(emphasis mine); yes, it is old, and that's the problem. OpenSSL's codebase quality and security auditing has increased greatly in the last 5 years. I would have agreed with you some time ago. Nowadays, LibreSSL gets much less auditing, has much fewer developers working on LibreSSL-portable, and has far less architecture support.

> quantity of developers in OpenSSL does not mean quality in the code

I agree, but it does mean that something has to lose attention. Often, this is performance, or architecture support, and even build support/code quality (especially in libressl-portable), as @q66 can attest to.

> OpenSSL has a lot of legacy OS discontinued

Care to elaborate?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (112 preceding siblings ...)
  2020-08-09 23:06 ` fosslinux
@ 2020-08-11  7:07 ` bugcrazy
  2020-08-11  7:47 ` fosslinux
                   ` (27 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: bugcrazy @ 2020-08-11  7:07 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 2419 bytes --]

New comment by bugcrazy on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671769721

Comment:
> > This link shows that LibreSSL has more development than https://cpp.libhunt.com/compare-openssl-vs-libressl
> 
> Untrue, look at commit histories.
> 
> > In this **old** link, it compares OpenSSL vs LibreSSL, showing how security is applied in LibreSSL code.
> > https://resources.infosecinstitute.com/libressl-the-secure-openssl-alternative/
> > OpenSSL has a design problem, it is susceptible to serious flaws
> 
> (emphasis mine); yes, it is old, and that's the problem. OpenSSL's codebase quality and security auditing has increased greatly in the last 5 years. I would have agreed with you some time ago. Nowadays, LibreSSL gets much less auditing, has much fewer developers working on LibreSSL-portable, and has far less architecture support.
> 
> > quantity of developers in OpenSSL does not mean quality in the code
> 
> I agree, but it does mean that something has to lose attention. Often, this is performance, or architecture support, and even build support/code quality (especially in libressl-portable), as @q66 can attest to.
> 
> > OpenSSL has a lot of legacy OS discontinued
> 
> Care to elaborate?

LibreSSL has an independent audit, which can be seen on this link, with a report by a member of Void Linux.
https://blog.doyensec.com/2020/04/08/libressl-fuzzer.html

This academic thesis "Analysis of software vulnerabilities through historical data" shows comparative graphs of CVEs. http://lup.lub.lu.se/student-papers/record/8923711/file/8923713.pdf

OpenSSL has a bad design, which favors serious vulnerabilities, this has not been fixed, as this is part of the structural code of OpenSSL, over the years, it has maintained serious vulnerabilities that affect linking software.

https://news.ycombinator.com/item?id=22935221

https://github.com/openssl/openssl/issues/4729

https://github.com/openssl/openssl/issues/4733

https://hownot2code.com/2016/06/03/evaluate-the-string-literal-length-automatically/#more-172

https://www.viva64.com/en/b/0183/

In these links you can compare the number of CVEs between OpenSSL and LibreSSL.

https://www.cvedetails.com/vulnerability-list/vendor_id-217/Openssl.html

https://www.cvedetails.com/vulnerability-list/vendor_id-97/product_id-30688/Openbsd-Libressl.html




^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (113 preceding siblings ...)
  2020-08-11  7:07 ` bugcrazy
@ 2020-08-11  7:47 ` fosslinux
  2020-08-11 16:37 ` concatime
                   ` (26 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: fosslinux @ 2020-08-11  7:47 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1047 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671787206

Comment:
CVEs are an interesting thing, and actually a point I brought up much earlier, I think on IRC, when I wasn't convinced of moving back to OpenSSL. Basically, OpenSSL is a far more audited codebase and receives more auditing attention than LibreSSL.

I don't see linters/static analysis code checking tools, alone, as evidence of poor coding practices. An OpenSSL dev said in one of those threads that many are false positives.

In addition, each of the articles you linked above (excluding the recent vuln, which was discussed earlier in this thread) are 3+ years old. Again, I am of the opinion that the code quality has improved in that time.

Anyway, I don't think I'll go back and forth, let others lay down their opinions on your data if they would like.

Thanks for the threads, btw, interesting reads, which do reinforce Void's position for originally changing to LibreSSL... at the time.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (114 preceding siblings ...)
  2020-08-11  7:47 ` fosslinux
@ 2020-08-11 16:37 ` concatime
  2020-08-11 16:37 ` concatime
                   ` (25 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: concatime @ 2020-08-11 16:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 787 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-672077539

Comment:
I would recommend:
1. changing xbps to bearssl. It has really straight API. One downside is that it does not support TLS 1.3 [yet](//bearssl.org/tls13.html). It’s really easy to build/bootstrap, no perl nor cmake, just pure make.
2. replace LibreSSL by OpenSSL 1.1
3. drop all packages that require OpenSSL 1.0

LibreSSL is intended to be used in OpenBSD. I don’t even know if LibreSSL follows OpenSSL 1.0 or 1.1 API. I’ve had a bug with OCSP in Nginx and it took them 8 months to fix it. See https://github.com/libressl-portable/portable/issues/532. LibreSSL is not a bad project at all, it’s just that it’s meant for OpenBSD.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (115 preceding siblings ...)
  2020-08-11 16:37 ` concatime
@ 2020-08-11 16:37 ` concatime
  2020-08-11 19:42 ` q66
                   ` (24 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: concatime @ 2020-08-11 16:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 782 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-672077539

Comment:
I would recommend:
1. changing xbps to bearssl. It has really straight API. One downside is that it does not support TLS 1.3 [yet](//bearssl.org/tls13.html). It’s really easy to build/bootstrap, no perl nor cmake, just pure make.
2. replace LibreSSL by OpenSSL 1.1
3. drop all packages that require OpenSSL 1.0

LibreSSL is intended to be used in OpenBSD. I don’t even know if LibreSSL follows OpenSSL 1.0 or 1.1 API. I had a bug with OCSP in Nginx and it took them 8 months to fix it. See https://github.com/libressl-portable/portable/issues/532. LibreSSL is not a bad project at all, it’s just that it’s meant for OpenBSD.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (116 preceding siblings ...)
  2020-08-11 16:37 ` concatime
@ 2020-08-11 19:42 ` q66
  2020-08-12  0:35 ` fosslinux
                   ` (23 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-08-11 19:42 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 217 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-672231015

Comment:
well, ideally we'd go straight with openssl 3.0; it should be out soon, AFAIK.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (117 preceding siblings ...)
  2020-08-11 19:42 ` q66
@ 2020-08-12  0:35 ` fosslinux
  2020-08-12  1:03 ` q66
                   ` (22 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: fosslinux @ 2020-08-12  0:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 413 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-672396909

Comment:
> changing xbps to bearssl

Two ssl's is probably a recipe for disaster.

> replace LibreSSL by OpenSSL 1.1
> drop all packages that require OpenSSL 1.0

Agreed.

> LibreSSL is not a bad project at all, it’s just that it’s meant for OpenBSD.

100% agree

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (118 preceding siblings ...)
  2020-08-12  0:35 ` fosslinux
@ 2020-08-12  1:03 ` q66
  2020-08-12  1:53 ` fosslinux
                   ` (21 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: q66 @ 2020-08-12  1:03 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 456 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-672414975

Comment:
i think they meant making xbps use *only* bearssl, which would be fine - you already have multiple TLS implementations in your system (there's openssl/libressl, but also nss, gnutls, etc.)

bearssl is nice, small, and explicitly geared towards security (it performs no dynamic memory allocations for example, AFAIK)

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (119 preceding siblings ...)
  2020-08-12  1:03 ` q66
@ 2020-08-12  1:53 ` fosslinux
  2021-01-04 23:06 ` mgorny
                   ` (20 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: fosslinux @ 2020-08-12  1:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 155 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-672448619

Comment:
Ah, I see.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (120 preceding siblings ...)
  2020-08-12  1:53 ` fosslinux
@ 2021-01-04 23:06 ` mgorny
  2021-01-06 10:19 ` marmeladema
                   ` (19 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: mgorny @ 2021-01-04 23:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 290 bytes --]

New comment by mgorny on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-754275945

Comment:
FYI Gentoo is discontinuing support in LibreSSL in February — however, in our case it's easier because LibreSSL was always the alternative option.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (121 preceding siblings ...)
  2021-01-04 23:06 ` mgorny
@ 2021-01-06 10:19 ` marmeladema
  2021-01-06 18:31 ` AngryPhantom
                   ` (18 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: marmeladema @ 2021-01-06 10:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 224 bytes --]

New comment by marmeladema on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-755214148

Comment:
Nice read about this: https://lwn.net/SubscriberLink/841664/0ba4265680b9dadf/

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (122 preceding siblings ...)
  2021-01-06 10:19 ` marmeladema
@ 2021-01-06 18:31 ` AngryPhantom
  2021-01-06 18:32 ` AngryPhantom
                   ` (17 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: AngryPhantom @ 2021-01-06 18:31 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 269 bytes --]

New comment by AngryPhantom on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-755484270

Comment:
Another (Gentoo) read is [here](https://www.gentoo.org/support/news-items/2021-01-05-libressl-support-discontinued.html).

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (123 preceding siblings ...)
  2021-01-06 18:31 ` AngryPhantom
@ 2021-01-06 18:32 ` AngryPhantom
  2021-02-11  0:48 ` kawaiiamber
                   ` (16 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: AngryPhantom @ 2021-01-06 18:32 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

New comment by AngryPhantom on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-755484270

Comment:
Another (Gentoo) read is [here](https://www.gentoo.org/support/news-items/2021-01-05-libressl-support-discontinued.html).

P.S. Sorry, it can be already mentioned via link in the comment above.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (124 preceding siblings ...)
  2021-01-06 18:32 ` AngryPhantom
@ 2021-02-11  0:48 ` kawaiiamber
  2021-02-11  1:02 ` eli-schwartz
                   ` (15 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: kawaiiamber @ 2021-02-11  0:48 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 340 bytes --]

New comment by kawaiiamber on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-777139270

Comment:
I don't really know too much about the fine details, but all I hope is that VOID might at least keep LibreSSL as an option? For me at least, LibreSSL was one of the main selling points of VOID.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (125 preceding siblings ...)
  2021-02-11  0:48 ` kawaiiamber
@ 2021-02-11  1:02 ` eli-schwartz
  2021-02-11  1:06 ` kawaiiamber
                   ` (14 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: eli-schwartz @ 2021-02-11  1:02 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 629 bytes --]

New comment by eli-schwartz on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-777143677

Comment:
There's no such thing as keeping it as an option. Every application that links to the ssl libraries needs to either link to one or the other. It's possible to have both, and for some programs to link to one and some to link to the other, but you cannot just swap them out.

If you want to have a version of Void Linux that uses libressl while the main version of Void uses openssl, then it does indeed need to be a version of the entire OS. It would be like the musl/glibc split.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (126 preceding siblings ...)
  2021-02-11  1:02 ` eli-schwartz
@ 2021-02-11  1:06 ` kawaiiamber
  2021-02-11  1:13 ` eli-schwartz
                   ` (13 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: kawaiiamber @ 2021-02-11  1:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 756 bytes --]

New comment by kawaiiamber on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-777144799

Comment:
> There's no such thing as keeping it as an option. Every application that links to the ssl libraries needs to either link to one or the other. It's possible to have both, and for some programs to link to one and some to link to the other, but you cannot just swap them out.
> 
> If you want to have a version of Void Linux that uses libressl while the main version of Void uses openssl, then it does indeed need to be a version of the entire OS. It would be like the musl/glibc split.

I see. It would increase the things to maintain to:
`VOID`
`VOID-musl`
`VOID-LibreSSL`
`VOID-LibreSSL-musl`
then.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (127 preceding siblings ...)
  2021-02-11  1:06 ` kawaiiamber
@ 2021-02-11  1:13 ` eli-schwartz
  2021-02-11  1:28 ` ericonr
                   ` (12 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: eli-schwartz @ 2021-02-11  1:13 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 346 bytes --]

New comment by eli-schwartz on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-777146685

Comment:
More or less.

Some packages could be shared between openssl and libressl spins (if they don't link to libssl.so and friends) but it would be less effort to rebuild everything anyway I'm guessing.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (128 preceding siblings ...)
  2021-02-11  1:13 ` eli-schwartz
@ 2021-02-11  1:28 ` ericonr
  2021-02-22  9:12 ` mikhailnov
                   ` (11 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: ericonr @ 2021-02-11  1:28 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 476 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-777150801

Comment:
Most of the listed pros in the top post lead to a decrease in the maintenance burden related to the library that provides the "OpenSSL API" (LibreSSL's ABI breaks, patching external software, etc). If someone wishes to maintain a `void-libressl` distro after such a switch has happened, I can't see it being anything but a Void fork.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (129 preceding siblings ...)
  2021-02-11  1:28 ` ericonr
@ 2021-02-22  9:12 ` mikhailnov
  2021-03-01 20:36 ` Logarithmus
                   ` (10 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: mikhailnov @ 2021-02-22  9:12 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 337 bytes --]

New comment by mikhailnov on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-783221066

Comment:
> It's possible to have both, and for some programs to link to one and some to link to the other

Only for some. It will lead to a mixture of 2 different libssls in one runtime in many cases.

^ permalink raw reply	[flat|nested] 143+ messages in thread
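
The condition described in the comment above, two different libssl/libcrypto builds mapped into one process, can be checked from `/proc/<pid>/maps`. This is an added example, not part of the thread or of Void's tooling; the sample maps text, its paths and its library version suffixes are constructed.

```python
import glob
import re
from collections import defaultdict

# Path of a libssl/libcrypto mapping at the end of a /proc/<pid>/maps line.
_LIB_RE = re.compile(r"(/\S*/lib(ssl|crypto)\.so(?:\.\w+)*)(?: \(deleted\))?$")

def tls_libs(maps_text):
    """Return {"ssl": {paths}, "crypto": {paths}} for one process's maps text."""
    found = defaultdict(set)
    for line in maps_text.splitlines():
        m = _LIB_RE.search(line)
        if m:
            found[m.group(2)].add(m.group(1))
    return dict(found)

def mixed_families(maps_text):
    """Families ("crypto", "ssl") for which more than one distinct file is mapped."""
    return sorted(f for f, paths in tls_libs(maps_text).items() if len(paths) > 1)

def scan_proc():
    """Yield (pid, {family: [paths]}) for each readable process mixing TLS libraries."""
    for maps_file in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(maps_file) as fh:
                text = fh.read()
        except OSError:  # process exited, or not readable by this user
            continue
        mixed = mixed_families(text)
        if mixed:
            libs = tls_libs(text)
            yield maps_file.split("/")[2], {f: sorted(libs[f]) for f in mixed}

# Constructed sample: a process whose own dependencies use one TLS library
# while a plugin under /opt/vendor pulled in a second, incompatible one.
MIXED_MAPS = """\
7f1c2a000000-7f1c2a01d000 r--p 00000000 08:01 131090 /usr/lib/libssl.so.1.1
7f1c2a01d000-7f1c2a07b000 r-xp 0001d000 08:01 131090 /usr/lib/libssl.so.1.1
7f1c2a400000-7f1c2a6d0000 r-xp 00000000 08:01 131091 /usr/lib/libcrypto.so.1.1
7f1c2b000000-7f1c2b05a000 r-xp 00000000 08:01 262200 /opt/vendor/lib/libssl.so.48.0.1
7f1c2b400000-7f1c2b5f0000 r-xp 00000000 08:01 262201 /opt/vendor/lib/libcrypto.so.46.0.1
7f1c2c000000-7f1c2c1c0000 r-xp 00000000 08:01 131200 /usr/lib/libc.so.6
"""
# Constructed sample: the same process without the vendor plugin.
CLEAN_MAPS = "\n".join(l for l in MIXED_MAPS.splitlines() if "/opt/vendor/" not in l)

if __name__ == "__main__":
    print("sample:", mixed_families(MIXED_MAPS))
    for pid, libs in scan_proc():
        print(pid, libs)
```

Run as root to cover processes owned by other users; without it, `scan_proc()` silently skips maps files it cannot read.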

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (130 preceding siblings ...)
  2021-02-22  9:12 ` mikhailnov
@ 2021-03-01 20:36 ` Logarithmus
  2021-03-01 20:44 ` Logarithmus
                   ` (9 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Logarithmus @ 2021-03-01 20:36 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 289 bytes --]

New comment by Logarithmus on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-788256319

Comment:
How do libressl & openssl compare in terms of code lines count?
Also isn't libressl source code better? Or did the matters change since 2014?

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (131 preceding siblings ...)
  2021-03-01 20:36 ` Logarithmus
@ 2021-03-01 20:44 ` Logarithmus
  2021-03-01 21:06 ` eli-schwartz
                   ` (8 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Logarithmus @ 2021-03-01 20:44 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 669 bytes --]

New comment by Logarithmus on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-788256319

Comment:
How do libressl & openssl compare in terms of code lines count?
Also isn't libressl source code better? Or did the matters change since 2014?

If I understood correctly, the main reason to abandon libressl is maintenance burden. OK, then why support `musl` then?
I use `musl` myself because it's lightweight & its source code is easy to read, compared to `glibc`. But unfortunately it seems that the majority of developers don't care about POSIX compliance at all. IMHO `musl` patches are PITA much more than `libressl`.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (132 preceding siblings ...)
  2021-03-01 20:44 ` Logarithmus
@ 2021-03-01 21:06 ` eli-schwartz
  2021-03-01 21:27 ` ericonr
                   ` (7 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: eli-schwartz @ 2021-03-01 21:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 581 bytes --]

New comment by eli-schwartz on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-788284343

Comment:
> How do libressl & openssl compare in terms of code lines count?

libressl is lots fewer lines, because they removed all the speed on the grounds that it is code bloat?

> Or did the matters change since 2014?

Read the first sentence of the first post in this issue. For the first time -- since it seems you haven't yet read it at all. This was explicitly answered and is in fact the foundational premise of the discussion.


^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (133 preceding siblings ...)
  2021-03-01 21:06 ` eli-schwartz
@ 2021-03-01 21:27 ` ericonr
  2021-09-19 13:10 ` dm17
                   ` (6 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: ericonr @ 2021-03-01 21:27 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1136 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-788306581

Comment:
> If I understood correctly, the main reason to abandon libressl is maintenance burden. OK, then why support musl then?
> I use musl myself because it's lightweight & its source code is easy to read, compared to glibc. But unfortunately it seems that the majority of developers don't care about POSIX compliance at all. IMHO musl patches are PITA much more than libressl.

C standard libraries have a standard to follow (POSIX, SUS, whatever BSD extensions), however loosely, which makes them at least somewhat homogeneous. musl also considerably affects the entirety of the resulting system: lower memory footprint, less dependency on arbitrary config files spread throughout the file system, and better resilience towards resource exhaustion. On 32-bit systems it also provides y2038 support, once we update that :p

LibreSSL and OpenSSL implement an "arbitrary" API, with obscure versioning and extremely weird usage, and using LibreSSL has removed functionality from many packages we ship.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (134 preceding siblings ...)
  2021-03-01 21:27 ` ericonr
@ 2021-09-19 13:10 ` dm17
  2021-09-19 16:07 ` Vaelatern
                   ` (5 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: dm17 @ 2021-09-19 13:10 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 695 bytes --]

New comment by dm17 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-922471439

Comment:
> > LibreSSL is not a bad project at all, it’s just that it’s meant for OpenBSD.
> 
> 100% agree

I can think of another option... What if we reached out to Hyperbola, KISS Linux, Gentoo, and others - to see how many might want to contribute to a LibreSSL port done right for Linux? Just promote it as a potential project so it can be seen... And then no harm no foul if it doesn't get enough support?

The conclusions in this thread make sense, but one thing that is left out is the free potential of organizing interested & motivated parties.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (135 preceding siblings ...)
  2021-09-19 13:10 ` dm17
@ 2021-09-19 16:07 ` Vaelatern
  2021-09-19 16:07 ` Vaelatern
                   ` (4 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Vaelatern @ 2021-09-19 16:07 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 207 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-922497530

Comment:
@dm17, you are welcome to spend your effort on this approach.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (136 preceding siblings ...)
  2021-09-19 16:07 ` Vaelatern
@ 2021-09-19 16:07 ` Vaelatern
  2021-09-19 16:07 ` Vaelatern
                   ` (3 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Vaelatern @ 2021-09-19 16:07 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 207 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-922497530

Comment:
@dm17, you are welcome to spend your effort on this approach.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (137 preceding siblings ...)
  2021-09-19 16:07 ` Vaelatern
@ 2021-09-19 16:07 ` Vaelatern
  2021-09-19 17:31 ` mgorny
                   ` (2 subsequent siblings)
  141 siblings, 0 replies; 143+ messages in thread
From: Vaelatern @ 2021-09-19 16:07 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 281 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-922497530

Comment:
@dm17, you are welcome to spend your effort on this approach. Void is unlikely to switch back, since that is additional effort as well.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (138 preceding siblings ...)
  2021-09-19 16:07 ` Vaelatern
@ 2021-09-19 17:31 ` mgorny
  2021-09-20 18:17 ` bugcrazy
  2021-09-20 18:32 ` Duncaen
  141 siblings, 0 replies; 143+ messages in thread
From: mgorny @ 2021-09-19 17:31 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 326 bytes --]

New comment by mgorny on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-922508976

Comment:
@dm17, the problem is not "port done wrong". The problem is lack of compatibility and lack of interest *upstream* to maintain compatibility with two similar-but-incompatible libraries.

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (139 preceding siblings ...)
  2021-09-19 17:31 ` mgorny
@ 2021-09-20 18:17 ` bugcrazy
  2021-09-20 18:32 ` Duncaen
  141 siblings, 0 replies; 143+ messages in thread
From: bugcrazy @ 2021-09-20 18:17 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 570 bytes --]

New comment by bugcrazy on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-923165612

Comment:
@dm17, the problem is that corporations dominate mainstream software, they don't want plurality, they like to centralize, to force the use of software monoculture. There are problems with the LibreSSL team forcing only on OpenBSD, but on the other hand in the Linux world, there is no unity and innovation on the part of the community, what there is are corporations dictating the rules, what goes in and out of the distros!

^ permalink raw reply	[flat|nested] 143+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (140 preceding siblings ...)
  2021-09-20 18:17 ` bugcrazy
@ 2021-09-20 18:32 ` Duncaen
  141 siblings, 0 replies; 143+ messages in thread
From: Duncaen @ 2021-09-20 18:32 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 272 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-923177024

Comment:
We are still waiting on our paychecks, but the switch back to openssl was finalized and there is no need to further discuss this.

^ permalink raw reply	[flat|nested] 143+ messages in thread
