Github messages for voidlinux
* [ISSUE] [RFC] Switching back to OpenSSL
@ 2020-04-12 21:44 Johnnynator
  2020-04-13  0:45 ` travankor
                   ` (107 more replies)
  0 siblings, 108 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-12 21:44 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 788 bytes --]

New issue by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935

Description:
OpenSSL nowadays doesn't have the issues anymore it had back in 2015 and has significantly more contributors watching and improving it. LibreSSL usually lags behind in terms of supported algorithms and doesn't support the same API. Libs like Qt dropping support for OpenSSL 1.0 makes it significantly harder to maintain a (correct) patchset for LibreSSL support.

### OpenSSL Pros

* Not that many (potentially wrong) patches needed, proper upstream support for nearly every lib/program
* Potentially faster on non x86_64 platforms
* Access to newer Algorithms earlier
* No ABI breakage every 6 months

### LibreSSL Pros

* Potentially safer by default (?)

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
@ 2020-04-13  0:45 ` travankor
  2020-04-13  0:46 ` xtraeme
                   ` (106 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-13  0:45 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 563 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license that OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
  2020-04-13  0:45 ` travankor
@ 2020-04-13  0:46 ` xtraeme
  2020-04-13  0:48 ` protonesso
                   ` (105 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-13  0:46 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 176 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701686

Comment:
Cons: openssl needs perl to build


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
  2020-04-13  0:45 ` travankor
  2020-04-13  0:46 ` xtraeme
@ 2020-04-13  0:48 ` protonesso
  2020-04-13  0:55 ` q66
                   ` (104 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: protonesso @ 2020-04-13  0:48 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 150 bytes --]

New comment by protonesso on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701979

Comment:
bruh


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (2 preceding siblings ...)
  2020-04-13  0:48 ` protonesso
@ 2020-04-13  0:55 ` q66
  2020-04-13  0:57 ` q66
                   ` (103 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-13  0:55 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 634 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612703000

Comment:
I'd argue that OpenSSL is safer, since it just gets a lot more attention and audit nowadays. Since heartbleed a lot of attention has gone to OpenSSL, it's probably one of the better-audited projects nowadays.

The performance increase on non-x86_64 platforms is not "potential", it's there; OpenSSL has optimized assembly code for most architectures, in addition to plain C fallbacks - LibreSSL does not have them, they all got dropped with the exception of the x86_64 ones.

So, +1 from me.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (3 preceding siblings ...)
  2020-04-13  0:55 ` q66
@ 2020-04-13  0:57 ` q66
  2020-04-13  0:58 ` q66
                   ` (102 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-13  0:57 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 779 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612703000

Comment:
I'd argue that OpenSSL is safer, since it just gets a lot more attention and audit nowadays. Since heartbleed a lot of attention has gone to OpenSSL, it's probably one of the better-audited projects nowadays.

The performance increase on non-x86_64 platforms is not "potential", it's there; OpenSSL has optimized assembly code for most architectures, in addition to plain C fallbacks - LibreSSL does not have them, they all got dropped with the exception of the x86_64 ones.

So, +1 from me.

Perl being required for build is a non-problem, it's already required for build in several other bootstrap packages, including gcc and glibc.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (4 preceding siblings ...)
  2020-04-13  0:57 ` q66
@ 2020-04-13  0:58 ` q66
  2020-04-13  1:00 ` travankor
                   ` (101 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-13  0:58 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 790 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612703000

Comment:
I'd argue that OpenSSL is safer, since it just gets a lot more attention and audit nowadays. Since heartbleed a lot of attention has gone to OpenSSL, it's probably one of the better-audited projects nowadays.

The performance increase on non-x86_64 platforms is not "potential", it's there; OpenSSL has optimized assembly code for most architectures, in addition to plain C fallbacks - LibreSSL does not have them, they all got dropped with the exception of the x86_64 ones.

So, +1 from me.

Perl being required for build is a non-problem, it's already required for build in several other bootstrap packages, including coreutils, gcc and glibc.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (5 preceding siblings ...)
  2020-04-13  0:58 ` q66
@ 2020-04-13  1:00 ` travankor
  2020-04-13  1:01 ` travankor
                   ` (100 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-13  1:00 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 614 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license that OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software (ie: haskell openssl keeps breaking with libressl) and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (6 preceding siblings ...)
  2020-04-13  1:00 ` travankor
@ 2020-04-13  1:01 ` travankor
  2020-04-13  8:58 ` pullmoll
                   ` (99 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-13  1:01 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 618 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license that OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software (ie: haskell ssl library keeps breaking with libressl) and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (7 preceding siblings ...)
  2020-04-13  1:01 ` travankor
@ 2020-04-13  8:58 ` pullmoll
  2020-04-13  9:09 ` xtraeme
                   ` (98 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: pullmoll @ 2020-04-13  8:58 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 586 bytes --]

New comment by pullmoll on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612816313

Comment:
I had myself several times where it was difficult to see in which way patching a source for libressl would be correct. This is because I do not know every detail of the differences between the openssl versions 1.0.x and 1.1.x, and the libressl API lies somewhere in between the two.

So from my point of view using openssl could save us lots of work, and if a majority thinks that openssl is audited well enough nowadays, I'm pro switching.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (8 preceding siblings ...)
  2020-04-13  8:58 ` pullmoll
@ 2020-04-13  9:09 ` xtraeme
  2020-04-13 10:57 ` xtraeme
                   ` (97 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-13  9:09 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 201 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612820412

Comment:
No objections. But the website will have to be updated... 


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (9 preceding siblings ...)
  2020-04-13  9:09 ` xtraeme
@ 2020-04-13 10:57 ` xtraeme
  2020-04-13 11:29 ` Duncaen
                   ` (96 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-13 10:57 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 318 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612853344

Comment:
If you are going this route, please do not change xbps. I prefer to keep xbps to use libressl, mainly because this avoids lots of unnecessary dependencies while bootstrapping.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (10 preceding siblings ...)
  2020-04-13 10:57 ` xtraeme
@ 2020-04-13 11:29 ` Duncaen
  2020-04-13 12:02 ` Hoshpak
                   ` (95 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Duncaen @ 2020-04-13 11:29 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 150 bytes --]

New comment by protonesso on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701979

Comment:
bruh


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (11 preceding siblings ...)
  2020-04-13 11:29 ` Duncaen
@ 2020-04-13 12:02 ` Hoshpak
  2020-04-13 12:04 ` xtraeme
                   ` (94 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Hoshpak @ 2020-04-13 12:02 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 821 bytes --]

New comment by Hoshpak on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612870992

Comment:
Are you talking about xbps as a project or the Void Linux xbps package? Switching all packages to openssl and still forcing every Void system to still install libressl in parallel through xbps would make it kind of pointless to switch in the first place.

I generally agree that we should switch to openssl. Libressl not supporting the openssl 1.1 API is increasingly holding packages back (I think I had issues when trying to update postfix in the past) and cannot be trivially patched. The slow movement of libressl development also bothers me and led me to not use it on my server. I am now able to connect to this server via TLS 1.3, just not from any of my Void machines.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (12 preceding siblings ...)
  2020-04-13 12:02 ` Hoshpak
@ 2020-04-13 12:04 ` xtraeme
  2020-04-13 12:06 ` xtraeme
                   ` (93 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-13 12:04 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 163 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612871637

Comment:
I mean the void pkg.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (13 preceding siblings ...)
  2020-04-13 12:04 ` xtraeme
@ 2020-04-13 12:06 ` xtraeme
  2020-04-13 12:09 ` xtraeme
                   ` (92 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-13 12:06 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 204 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612872193

Comment:
FYI  https://github.com/libressl-portable/portable/issues/228


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (14 preceding siblings ...)
  2020-04-13 12:06 ` xtraeme
@ 2020-04-13 12:09 ` xtraeme
  2020-04-13 12:09 ` xtraeme
                   ` (91 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-13 12:09 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 292 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612872804

Comment:
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (15 preceding siblings ...)
  2020-04-13 12:09 ` xtraeme
@ 2020-04-13 12:09 ` xtraeme
  2020-04-16 12:16 ` Johnnynator
                   ` (90 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-13 12:09 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 196 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612872943

Comment:
Anyway I don't really care, simply don't switch xbps.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (16 preceding siblings ...)
  2020-04-13 12:09 ` xtraeme
@ 2020-04-16 12:16 ` Johnnynator
  2020-04-16 12:18 ` xtraeme
                   ` (89 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:16 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 334 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614615877

Comment:
> Simply don't switch xbps.

This would also imply building libarchive against LibreSSL, but nevertheless I dislike having both LibreSSL and OpenSSL at the same time in the base system.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (17 preceding siblings ...)
  2020-04-16 12:16 ` Johnnynator
@ 2020-04-16 12:18 ` xtraeme
  2020-04-16 12:19 ` xtraeme
                   ` (88 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:18 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 240 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614616828

Comment:
We do have already multiple implementations at the same time, see mbedtls, gnutls, libressl, etc.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (18 preceding siblings ...)
  2020-04-16 12:18 ` xtraeme
@ 2020-04-16 12:19 ` xtraeme
  2020-04-16 12:20 ` xtraeme
                   ` (87 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:19 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 247 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614617096

Comment:
Anyway I've been thinking about it and maybe I'll switch xbps to use mbedtls. Not sure yet. So go ahead!


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (19 preceding siblings ...)
  2020-04-16 12:19 ` xtraeme
@ 2020-04-16 12:20 ` xtraeme
  2020-04-16 12:22 ` xtraeme
                   ` (86 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:20 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 259 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614617662

Comment:
I think it would be good to have openssl as another provider, and then we can decide what software depends on which.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (20 preceding siblings ...)
  2020-04-16 12:20 ` xtraeme
@ 2020-04-16 12:22 ` xtraeme
  2020-04-16 12:26 ` Johnnynator
                   ` (85 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:22 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 516 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614618589

Comment:
I agree about the ABI breakage in libressl, this is the only thing that bothers me, but I still think they are doing good with the software. I'm pretty sure OpenBSD devs do great security work!

Note that openssl was only improved (after heartbleed) because they received lots of donations that made some developers work full time. Not sure if this is true nowadays.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (21 preceding siblings ...)
  2020-04-16 12:22 ` xtraeme
@ 2020-04-16 12:26 ` Johnnynator
  2020-04-16 12:29 ` Johnnynator
                   ` (84 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:26 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 316 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614620637

Comment:
> We do have already multiple implementations at the same time, see mbedtls, gnutls, libressl, etc.

But not in the base system, there we only have LibreSSL as of now.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (22 preceding siblings ...)
  2020-04-16 12:26 ` Johnnynator
@ 2020-04-16 12:29 ` Johnnynator
  2020-04-16 12:29 ` xtraeme
                   ` (83 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:29 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 298 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614622006

Comment:
E.g. I need to decide if ca-certificates depends on LibreSSL or OpenSSL (in theory I might be able to patch `update-ca-certificates` to work with both)


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (23 preceding siblings ...)
  2020-04-16 12:29 ` Johnnynator
@ 2020-04-16 12:29 ` xtraeme
  2020-04-16 12:31 ` travankor
                   ` (82 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:29 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 236 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614622203

Comment:
@Johnnynator this is not an issue! we can make both work at the same time, including mbedtls.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (24 preceding siblings ...)
  2020-04-16 12:29 ` xtraeme
@ 2020-04-16 12:31 ` travankor
  2020-04-16 12:32 ` xtraeme
                   ` (81 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:31 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 229 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623285

Comment:
@xtraeme What about bearssl? In the link you provided above, it resists the attacks.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (25 preceding siblings ...)
  2020-04-16 12:31 ` travankor
@ 2020-04-16 12:32 ` xtraeme
  2020-04-16 12:33 ` xtraeme
                   ` (80 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:32 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 240 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623665

Comment:
@Johnnynator hmm I would not do it this way. Each ssl implementation must depend on ca-certificates.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (26 preceding siblings ...)
  2020-04-16 12:32 ` xtraeme
@ 2020-04-16 12:33 ` xtraeme
  2020-04-16 12:34 ` travankor
                   ` (79 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:33 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623999

Comment:
@travankor well, you are free to use whatever you think is ok! I think having openssl is ok, as long as libressl is still an option!


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (27 preceding siblings ...)
  2020-04-16 12:33 ` xtraeme
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:34 ` travankor
                   ` (78 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 336 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623285

Comment:
> Anyway I've been thinking about it and maybe I'll switch xbps to use mbedtls. Not sure yet. So go ahead!

@xtraeme What about bearssl? In the link you provided above, it resists the attacks.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (28 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:34 ` travankor
                   ` (77 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 338 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614623285

Comment:
>Anyway I've been thinking about it and maybe I'll switch xbps to use mbedtls. Not sure yet. So go ahead!

@xtraeme What about bearssl? In the link you provided above, it resists the attacks.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (29 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:34 ` travankor
                   ` (76 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 165 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614624541

Comment:
no, i meant for xbps


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (30 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:34 ` travankor
  2020-04-16 12:35 ` xtraeme
                   ` (75 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:34 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 192 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614624541

Comment:
no, i meant for xbps, as an alternative backend


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (31 preceding siblings ...)
  2020-04-16 12:34 ` travankor
@ 2020-04-16 12:35 ` xtraeme
  2020-04-16 12:35 ` xtraeme
                   ` (74 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:35 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 224 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614624871

Comment:
I haven't looked into it, but if xbps supports all alternatives it would be good.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (32 preceding siblings ...)
  2020-04-16 12:35 ` xtraeme
@ 2020-04-16 12:35 ` xtraeme
  2020-04-16 12:37 ` xtraeme
                   ` (73 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:35 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 238 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614625156

Comment:
right now xbps does not support openssl >= 1.1, so we are stuck with older openssl or libressl.


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (33 preceding siblings ...)
  2020-04-16 12:35 ` xtraeme
@ 2020-04-16 12:37 ` xtraeme
  2020-04-16 12:40 ` Johnnynator
                   ` (72 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:37 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 232 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614625889

Comment:
in fact I haven't tried with openssl >= 1.1, but I think it would need minimal changes...


* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (34 preceding siblings ...)
  2020-04-16 12:37 ` xtraeme
@ 2020-04-16 12:40 ` Johnnynator
  2020-04-16 12:40 ` Johnnynator
                   ` (71 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:40 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 647 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614627195

Comment:
> @Johnnynator hmm I would not do this way. Each ssl implementation must depend on ca-certificates.

Yes, all ssl implementations depend on ca-certs but ca-certs depends on only one SSL implementation.
But the update-ca-certificates script right now ONLY works with libressl. And the openssl command does not have a proper way of querying whether it is OpenSSL or LibreSSL. (It always exits with 0, even when the command was not found..., so I need to judge it by what is printed to stdout, argh...).

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (35 preceding siblings ...)
  2020-04-16 12:40 ` Johnnynator
@ 2020-04-16 12:40 ` Johnnynator
  2020-04-16 12:42 ` Johnnynator
                   ` (70 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:40 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614627390

Comment:
> in fact I haven't tried with openssl >= 1.1, but I think it would need minimal changes...

XBPS did compile and run fine for me locally.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (36 preceding siblings ...)
  2020-04-16 12:40 ` Johnnynator
@ 2020-04-16 12:42 ` Johnnynator
  2020-04-16 12:43 ` xtraeme
                   ` (69 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:42 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 760 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614627195

Comment:
> @Johnnynator hmm I would not do this way. Each ssl implementation must depend on ca-certificates.

Yes, all ssl implementations depend on ca-certs but ca-certs depends on only one SSL implementation.
But the update-ca-certificates script right now ONLY works with libressl. And the openssl command does not have a proper way of querying whether it is OpenSSL or LibreSSL. (It always exits with 0, even when the command was not found..., so I need to judge it by what is printed to stdout, argh...).

Edit: correction, OpenSSL exits with `1` on invalid commands, LibreSSL is the one that always exits with `0`.

^ permalink raw reply	[flat|nested] 109+ messages in thread
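
An added example, not part of the thread and not Void's `update-ca-certificates` script: one way to tell the two implementations apart from the `openssl version` banner instead of the exit status, which the comment above reports as unreliable. The function names are hypothetical and the banners used to exercise them are constructed samples.

```shell
#!/bin/sh
# Classify the toolkit behind the `openssl` command by its version banner.
# The exit status is deliberately ignored: per the thread, LibreSSL exits 0
# even for invalid subcommands, so only stdout is trusted here.

# tls_impl_from_banner BANNER -> prints "openssl", "libressl" or "unknown"
tls_impl_from_banner() {
    case "$1" in
        "LibreSSL "[0-9]*) echo libressl ;;
        "OpenSSL "[0-9]*)  echo openssl ;;
        *)                 echo unknown ;;
    esac
}

# tls_version_from_banner BANNER -> prints the version field, e.g. "1.1.1f".
# Fails (status 1, no output) when the banner is not a recognised one, so a
# caller never acts on a version string scraped from an error message.
tls_version_from_banner() {
    if [ "$(tls_impl_from_banner "$1")" = unknown ]; then
        return 1
    fi
    rest=${1#* }          # drop the product name and the following space
    echo "${rest%% *}"    # keep the first remaining field
}

# detect_tls_impl [BINARY] -> prints the implementation, or "missing" with
# status 1 when the binary is not on PATH. Presence is checked separately
# with `command -v` so a missing tool is never confused with a banner.
detect_tls_impl() {
    bin=${1:-openssl}
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo missing
        return 1
    fi
    banner=$("$bin" version 2>/dev/null) || true
    tls_impl_from_banner "$banner"
}

# Usage in a maintainer script (assumed call site):
#   impl=$(detect_tls_impl) || echo "no openssl command installed" >&2
```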

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (37 preceding siblings ...)
  2020-04-16 12:42 ` Johnnynator
@ 2020-04-16 12:43 ` xtraeme
  2020-04-16 12:45 ` xtraeme
                   ` (68 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:43 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 366 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614628964

Comment:
@Johnnynator cool! I'll update the README then.

So I'm not against it, but what bothers me about openssl is the perl build dependency... it DOES matter while bootstrapping. I would take the alpine patch to get rid of it.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (38 preceding siblings ...)
  2020-04-16 12:43 ` xtraeme
@ 2020-04-16 12:45 ` xtraeme
  2020-04-16 12:45 ` xtraeme
                   ` (67 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:45 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 313 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614629821

Comment:
@Johnnynator we could use alternatives for the openssl command, and then use the specific impl cmd, i.e for openssl "openssl", for libressl "openssl-libressl" or whatever.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (39 preceding siblings ...)
  2020-04-16 12:45 ` xtraeme
@ 2020-04-16 12:45 ` xtraeme
  2020-04-16 12:51 ` travankor
                   ` (66 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:45 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 314 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614629821

Comment:
@Johnnynator we could use alternatives for the openssl command, and then use the specific impl cmd, i.e for openssl "openssl", for libressl "openssl-libressl" or whatever.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (40 preceding siblings ...)
  2020-04-16 12:45 ` xtraeme
@ 2020-04-16 12:51 ` travankor
  2020-04-16 12:52 ` travankor
                   ` (65 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:51 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 407 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614632896

Comment:
Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

My main issue is that libressl won't match the openssl 3.X/4.X/5.X API in the long run because the Apache license makes code-sharing difficult.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (41 preceding siblings ...)
  2020-04-16 12:51 ` travankor
@ 2020-04-16 12:52 ` travankor
  2020-04-16 12:53 ` xtraeme
                   ` (64 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:52 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 405 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614632896

Comment:
Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

My main issue is that libressl won't match the openssl 3.X/4.X/5.X API in the long run because the Apache license makes code-sharing difficult.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (42 preceding siblings ...)
  2020-04-16 12:52 ` travankor
@ 2020-04-16 12:53 ` xtraeme
  2020-04-16 12:53 ` Johnnynator
                   ` (63 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 12:53 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 210 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614633926

Comment:
@travankor they aren't API/ABI compatible for a long time anyway...

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (43 preceding siblings ...)
  2020-04-16 12:53 ` xtraeme
@ 2020-04-16 12:53 ` Johnnynator
  2020-04-16 12:54 ` Johnnynator
                   ` (62 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:53 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 962 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614633968

Comment:
> @Johnnynator we could use alternatives for the openssl command, and then use the specific impl cmd, i.e for openssl "openssl", for libressl "openssl-libressl" or whatever.

Probably the most sane way, I will prepare it like that.

> @Johnnynator cool! I'll update the README then.
> 
> So I'm not against it, but what bothers me about openssl is the perl build dependency... it DOES matter while bootstrapping. I would take the alpine patch to get rid of it.

Alpine also needs perl for bootstrapping, and the perl `c_rehash` runtime script is not needed in our case, since our `ca-certificates` package is not using it, so we can simply ignore it. Also as q66 pointed out, we already have a few packages that need perl for bootstrapping (e.g. `glibc`, `gcc`), so I don't see an issue with OpenSSL needing it.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (44 preceding siblings ...)
  2020-04-16 12:53 ` Johnnynator
@ 2020-04-16 12:54 ` Johnnynator
  2020-04-16 12:55 ` travankor
                   ` (61 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 12:54 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 310 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614634371

Comment:
> Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

There are still significant gaps in the API.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (45 preceding siblings ...)
  2020-04-16 12:54 ` Johnnynator
@ 2020-04-16 12:55 ` travankor
  2020-04-16 12:58 ` travankor
                   ` (60 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:55 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614634855

Comment:
Is openssl needed right now?

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (46 preceding siblings ...)
  2020-04-16 12:55 ` travankor
@ 2020-04-16 12:58 ` travankor
  2020-04-16 13:04 ` xtraeme
                   ` (59 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 12:58 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614636147

Comment:
@xtraeme Yep, they will be two separate libraries in the future.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (47 preceding siblings ...)
  2020-04-16 12:58 ` travankor
@ 2020-04-16 13:04 ` xtraeme
  2020-04-16 13:04 ` xtraeme
                   ` (58 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:04 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 355 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614639287

Comment:
I agree with two points in this PR:

- openssl contains ASM for some archs, i.e faster than libressl.
- they don't break the ABI each 6 months.

I think those are two strong points to stick with openssl.



^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (48 preceding siblings ...)
  2020-04-16 13:04 ` xtraeme
@ 2020-04-16 13:04 ` xtraeme
  2020-04-16 13:05 ` xtraeme
                   ` (57 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:04 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 217 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614639597

Comment:
As long as they don't repeat another heartbleed again I'm all for it! rofl

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (49 preceding siblings ...)
  2020-04-16 13:04 ` xtraeme
@ 2020-04-16 13:05 ` xtraeme
  2020-04-16 13:06 ` travankor
                   ` (56 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:05 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 198 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614639794

Comment:
that's why I'm saying to keep libressl... just in case.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (50 preceding siblings ...)
  2020-04-16 13:05 ` xtraeme
@ 2020-04-16 13:06 ` travankor
  2020-04-16 13:07 ` q66
                   ` (55 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-16 13:06 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 191 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614640812

Comment:
stuff that uses libtls will need libressl, too

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (51 preceding siblings ...)
  2020-04-16 13:06 ` travankor
@ 2020-04-16 13:07 ` q66
  2020-04-16 13:09 ` q66
                   ` (54 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-16 13:07 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 499 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614641214

Comment:
Perl does *not* matter while bootstrapping, stop insisting that it does. I still don't see any reason to package both of them either, as @Johnnynator said it would require libarchive to be built against it and complicate everything. The "just in case" argument doesn't make any sense, *either of them* could mess up something and you have no way to know which.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (52 preceding siblings ...)
  2020-04-16 13:07 ` q66
@ 2020-04-16 13:09 ` q66
  2020-04-16 13:11 ` xtraeme
                   ` (53 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-16 13:09 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 281 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614642146

Comment:
Does anything actually use libtls? Since it's a libressl specific api and most distros don't package it at all, I don't think we need to worry

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (53 preceding siblings ...)
  2020-04-16 13:09 ` q66
@ 2020-04-16 13:11 ` xtraeme
  2020-04-16 13:12 ` xtraeme
                   ` (52 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:11 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 561 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614643370

Comment:
```
[juan@leysa ~]$ xbps-query -Rs libtls.so -p shlib-requires
acme-client-0.1.16_4: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
libressl-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
libressl-netcat-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
openntpd-6.2p3_5: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
s6-networking-2.3.1.2_1: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
[juan@leysa ~]$
```

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (54 preceding siblings ...)
  2020-04-16 13:11 ` xtraeme
@ 2020-04-16 13:12 ` xtraeme
  2020-04-16 13:15 ` xtraeme
                   ` (51 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:12 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 220 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614644087

Comment:
@q66 I'm aware of perl in bootstrap. But in the musl case it's not necessary!

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (55 preceding siblings ...)
  2020-04-16 13:12 ` xtraeme
@ 2020-04-16 13:15 ` xtraeme
  2020-04-16 13:15 ` q66
                   ` (50 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:15 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 248 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614645464

Comment:
Note that libarchive does only need openssl for libcrypto (shaXXX and related) not anything from SSL/TLS.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (56 preceding siblings ...)
  2020-04-16 13:15 ` xtraeme
@ 2020-04-16 13:15 ` q66
  2020-04-16 13:18 ` xtraeme
                   ` (49 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-16 13:15 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 187 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614645489

Comment:
It is, since coreutils needs it, as well as GCC.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (57 preceding siblings ...)
  2020-04-16 13:15 ` q66
@ 2020-04-16 13:18 ` xtraeme
  2020-04-16 13:18 ` xtraeme
                   ` (48 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:18 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 620 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614646888

Comment:
@q66 perl is only required in coreutils to run the test suite.

```
# The test suite needs to know if we have a working perl.
# FIXME: this is suboptimal.  Ideally, we would be able to call gl_PERL
# with an ACTION-IF-NOT-FOUND argument ...
cu_have_perl=yes
case $PERL in *"/missing "*) cu_have_perl=no;; esac
 if test $cu_have_perl = yes; then
  HAVE_PERL_TRUE=
  HAVE_PERL_FALSE='#'
else
  HAVE_PERL_TRUE='#'
  HAVE_PERL_FALSE=
fi
```
from coreutils configure

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (58 preceding siblings ...)
  2020-04-16 13:18 ` xtraeme
@ 2020-04-16 13:18 ` xtraeme
  2020-04-16 13:19 ` q66
                   ` (47 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:18 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 205 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614647058

Comment:
@q66 GCC only requires perl due to texinfo, which is optional!

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (59 preceding siblings ...)
  2020-04-16 13:18 ` xtraeme
@ 2020-04-16 13:19 ` q66
  2020-04-16 13:21 ` xtraeme
                   ` (46 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-16 13:19 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 427 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614647425

Comment:
Libcrypto contains the majority of the asm acceleration code, including for sha*. Wrt libtls: so... other openbsd projects (duh) - I doubt it'd be required, as e.g. Debian packages openntpd without libressl, and s6-networking, which can also use bearssl, which is a better choice either way.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (60 preceding siblings ...)
  2020-04-16 13:19 ` q66
@ 2020-04-16 13:21 ` xtraeme
  2020-04-16 13:21 ` q66
                   ` (45 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:21 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 450 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614648946

Comment:
@q66 I'm not against this at all! not sure what's your point.

@Johnnynator already tried xbps with openssl >= 1.1 and it's ok, so it's ok for me too.

I was only mentioning the fact that openssl needs perl to build. But as you said, we require perl for bootstrapping so it's not an issue.

+1 from me

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (61 preceding siblings ...)
  2020-04-16 13:21 ` xtraeme
@ 2020-04-16 13:21 ` q66
  2020-04-16 13:23 ` xtraeme
                   ` (44 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-16 13:21 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614649016

Comment:
Anyway, openssl needs Perl for good reasons, it uses it to deal with processing the assembly code for different targets. Libressl was only able to rip it out because they ripped out the asm

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (62 preceding siblings ...)
  2020-04-16 13:21 ` q66
@ 2020-04-16 13:23 ` xtraeme
  2020-04-16 13:24 ` q66
                   ` (43 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:23 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 252 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614650064

Comment:
Alpine had a C implementation to get rid of perl in openssl in the past... not sure if this is true nowadays.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (63 preceding siblings ...)
  2020-04-16 13:23 ` xtraeme
@ 2020-04-16 13:24 ` q66
  2020-04-16 13:26 ` Johnnynator
                   ` (42 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-16 13:24 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 164 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614650677

Comment:
C implementation of what?

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (64 preceding siblings ...)
  2020-04-16 13:24 ` q66
@ 2020-04-16 13:26 ` Johnnynator
  2020-04-16 13:28 ` q66
                   ` (41 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Johnnynator @ 2020-04-16 13:26 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 309 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614651420

Comment:
They still have a C implementation of `c_rehash` but as I said, it is not really needed and we can ignore it, since we use the debian ca_certificates update script.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (65 preceding siblings ...)
  2020-04-16 13:26 ` Johnnynator
@ 2020-04-16 13:28 ` q66
  2020-04-16 13:33 ` xtraeme
                   ` (40 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-16 13:28 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 388 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614653071

Comment:
There are much worse bootstrap dependencies we could have than Perl anyway, as far as I know Perl has never been problematic on anything, has been around for decades and is completely portable. And pretty much every single distro out there ships it.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (66 preceding siblings ...)
  2020-04-16 13:28 ` q66
@ 2020-04-16 13:33 ` xtraeme
  2020-04-16 13:33 ` xtraeme
                   ` (39 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:33 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 278 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614655698

Comment:
perl portable? sure, but only for native builds! it took me a while to figure out cross compilation way before perl-cross existed! ROFL

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (67 preceding siblings ...)
  2020-04-16 13:33 ` xtraeme
@ 2020-04-16 13:33 ` xtraeme
  2020-04-16 13:35 ` xtraeme
                   ` (38 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:33 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 213 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614656000

Comment:
@q66 just take a look at void-packages git logs to see all my changes!

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (68 preceding siblings ...)
  2020-04-16 13:33 ` xtraeme
@ 2020-04-16 13:35 ` xtraeme
  2020-04-16 13:37 ` xtraeme
                   ` (37 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:35 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 388 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614657182

Comment:
```
[juan@leysa void-packages]$ git shortlog -sn|head -5
 35726	Juan RP
 11076	maxice8
  8004	Leah Neukirchen
  6412	Michael Gehring
  6328	Enno Boland
[juan@leysa void-packages]$
```
There's a reason why I've got 35K commits, you know!

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (69 preceding siblings ...)
  2020-04-16 13:35 ` xtraeme
@ 2020-04-16 13:37 ` xtraeme
  2020-04-17  6:18 ` Ypnose
                   ` (36 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-16 13:37 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 210 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614658237

Comment:
Anyway I'll stop with this thread.

+1 to switch to openssl again

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (70 preceding siblings ...)
  2020-04-16 13:37 ` xtraeme
@ 2020-04-17  6:18 ` Ypnose
  2020-04-17  6:18 ` Ypnose
                   ` (35 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Ypnose @ 2020-04-17  6:18 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 429 bytes --]

New comment by Ypnose on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-615064925

Comment:
I'm no longer a package maintainer, but from a user perspective `libressl` is sometimes painful when specific `openssl` options are needed and not included. There is an example here: https://github.com/libressl-portable/portable/issues/544
If it can save maintainers time, go for it.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (71 preceding siblings ...)
  2020-04-17  6:18 ` Ypnose
@ 2020-04-17  6:18 ` Ypnose
  2020-04-17 10:06 ` travankor
                   ` (34 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Ypnose @ 2020-04-17  6:18 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 428 bytes --]

New comment by Ypnose on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-615064925

Comment:
I'm no longer a package maintainer, but from a user perspective `libressl` is sometimes painful when specific `openssl` options are needed and not included. There is an example here: https://github.com/libressl-portable/portable/issues/544
If it can save maintainers time, go for it.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (72 preceding siblings ...)
  2020-04-17  6:18 ` Ypnose
@ 2020-04-17 10:06 ` travankor
  2020-04-17 10:06 ` travankor
                   ` (33 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-17 10:06 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 405 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614632896

Comment:
Anyways, stick with libressl 3.1 for now, it's about to get released and adds more compatibility for openssl 1.1.

My main issue is that libressl won't match the openssl 3.X/4.X/5.X API in the long run because the Apache license makes code-sharing difficult.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (73 preceding siblings ...)
  2020-04-17 10:06 ` travankor
@ 2020-04-17 10:06 ` travankor
  2020-04-17 10:06 ` travankor
                   ` (32 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-17 10:06 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614634855

Comment:
Is openssl needed right now?

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (74 preceding siblings ...)
  2020-04-17 10:06 ` travankor
@ 2020-04-17 10:06 ` travankor
  2020-04-17 14:54 ` mobinmob
                   ` (31 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-17 10:06 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-614636147

Comment:
@xtraeme Yep, they will be two separate libraries in the future.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (75 preceding siblings ...)
  2020-04-17 10:06 ` travankor
@ 2020-04-17 14:54 ` mobinmob
  2020-04-21 21:35 ` howtologinquickwiththirtyninecharacters
                   ` (30 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: mobinmob @ 2020-04-17 14:54 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 935 bytes --]

New comment by mobinmob on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-615290027

Comment:
> ```
> [juan@leysa ~]$ xbps-query -Rs libtls.so -p shlib-requires
> acme-client-0.1.16_4: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> libressl-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> libressl-netcat-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> openntpd-6.2p3_5: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> s6-networking-2.3.1.2_1: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
> [juan@leysa ~]$
> ```

s6-networking works with bearssl. Upstream [marks bearssl support as beta](https://skarnet.org/software/s6-networking/) but both [Alpine](https://git.alpinelinux.org/aports/tree/main/s6-networking/APKBUILD?id=0ac87b7fb4b8e4e3717e3611107fc463c8dd261b) and [Adelie](https://code.foxkit.us/adelie/packages/blob/master/user/s6-networking/APKBUILD) use it.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (76 preceding siblings ...)
  2020-04-17 14:54 ` mobinmob
@ 2020-04-21 21:35 ` howtologinquickwiththirtyninecharacters
  2020-04-22 12:16 ` Hoshpak
                   ` (29 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: howtologinquickwiththirtyninecharacters @ 2020-04-21 21:35 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 465 bytes --]

New comment by howtologinquickwiththirtyninecharacters on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617426990

Comment:
@Johnnynator you may want to update your package to 1.1.1g, versions d, e and f are affected by [this vulnerability](https://www.openssl.org/news/secadv/20200421.txt). (Is this the right place to comment on this or should I have commented on the New package request? I'm still new to this).

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (77 preceding siblings ...)
  2020-04-21 21:35 ` howtologinquickwiththirtyninecharacters
@ 2020-04-22 12:16 ` Hoshpak
  2020-04-22 12:19 ` xtraeme
                   ` (28 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Hoshpak @ 2020-04-22 12:16 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 371 bytes --]

New comment by Hoshpak on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617743521

Comment:
The version remark would have been better in the PR; however, the vulnerability itself is highly relevant to this discussion, since the number of vulnerabilities in each library is an important decision criterion for a TLS library.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (78 preceding siblings ...)
  2020-04-22 12:16 ` Hoshpak
@ 2020-04-22 12:19 ` xtraeme
  2020-04-22 15:05 ` q66
                   ` (27 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: xtraeme @ 2020-04-22 12:19 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 252 bytes --]

New comment by xtraeme on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617744964

Comment:
What @Hoshpak said. I still think that libressl has fewer vulnerabilities, maybe due to slower release date...

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (79 preceding siblings ...)
  2020-04-22 12:19 ` xtraeme
@ 2020-04-22 15:05 ` q66
  2020-04-23  2:36 ` the-maldridge
                   ` (26 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-22 15:05 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 218 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-617836159

Comment:
All software has vulnerabilities. I seriously doubt libressl has fewer of them.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (80 preceding siblings ...)
  2020-04-22 15:05 ` q66
@ 2020-04-23  2:36 ` the-maldridge
  2020-04-23  3:35 ` eli-schwartz
                   ` (25 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: the-maldridge @ 2020-04-23  2:36 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 629 bytes --]

New comment by the-maldridge on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618141960

Comment:
My 2 cents.  I am opposed to software monocultures, they stifle attempts to produce new and better implementations and tend to breed discontent among developers that wish to do something different.

If we were to accept OpenSSL I would recommend doing so in the same way we have gcompat.  It can be used in places where there is need for its specific interface, but otherwise not.  My preferred SSL implementation is BoringSSL, though it is unsuitable for use in a distribution.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (81 preceding siblings ...)
  2020-04-23  2:36 ` the-maldridge
@ 2020-04-23  3:35 ` eli-schwartz
  2020-04-23  4:43 ` constptr
                   ` (24 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: eli-schwartz @ 2020-04-23  3:35 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 1178 bytes --]

New comment by eli-schwartz on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618157192

Comment:
> Alpine also needs perl for bootstrapping, and the perl `c_rehash` runtime script is not needed in our case, since our `ca-certifcates` package is not using it, so we can simply ignore it.

> They still have c implementation of `c_rehash` but as I said, it is not really needed and we can ignore it, since we use the debian ca_certificates update script.

Note that there's probably never a good excuse to use c_rehash at all, whether you use the debian ca_certificates script or not... because https://www.openssl.org/docs/man1.1.1/man1/openssl-rehash.html

tl;dr `/usr/bin/openssl rehash` and `/usr/bin/c_rehash` do the same thing, one in C and one in perl. It's unclear when you'd ever want to use the latter, and I think you might be hard-pressed to find software which invokes it. Someone tried to rewrite it in bash and PR it to openssl, but the PR was closed as "perl is easier to build on OpenVMS, that being said we might be able to just drop it entirely since you should just use the openssl app's rehash command".

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (82 preceding siblings ...)
  2020-04-23  3:35 ` eli-schwartz
@ 2020-04-23  4:43 ` constptr
  2020-04-23  7:59 ` fosslinux
                   ` (23 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: constptr @ 2020-04-23  4:43 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

New comment by constptr on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618174090

Comment:
I am not experienced/eligible to comment, but what about alternative SSL implementations like wolfssl (claims openssl compatibility) and GNU-TLS?

Openssl can avoid much manual patching though.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (83 preceding siblings ...)
  2020-04-23  4:43 ` constptr
@ 2020-04-23  7:59 ` fosslinux
  2020-04-23  8:23 ` travankor
                   ` (22 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: fosslinux @ 2020-04-23  7:59 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 3705 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618245112

Comment:
I agree with @the-maldridge, after some hard thinking and a discussion on IRC.

I'm not really concerned about OpenSSL in the repositories.

However, LibreSSL should be of first-class support, and OpenSSL should only be used where necessary for maintainability (eg, qt5). IMO, OpenSSL shouldn't be in the base system - xbps should stay with LibreSSL; no real reason to move it off it.

Saying all this, it is essential that the maintainers come to a decision how OpenSSL should be used **before it is merged**, and what will happen to LibreSSL (once again, I will strongly advocate for LibreSSL not being removed - rather still being first-class).

I see a number of options, ranked from most LibreSSL to most OpenSSL.

_No OpenSSL_
1. Do not merge OpenSSL.
_User choice, first-class support for LibreSSL; OpenSSL not well supported_
2. Merge OpenSSL, but do not have any packages depend upon it. Have it as a choice. Maintain full compatibility with LibreSSL, but don't require current packages to support OpenSSL. Do not include OpenSSL in the base system (default LibreSSL).
_User choice, first-class support for both_
3. Merge OpenSSL, but do not have any packages depend upon it. Have it as a choice. Maintain full compatibility with LibreSSL; quickly ensure all current packages support OpenSSL. Do not include OpenSSL in the base system (default LibreSSL).
_Maintainer choice, but LibreSSL for base system_
4. Merge OpenSSL. Allow packages to depend upon it, and optionally drop LibreSSL specific patches. Packages will pull in either of OpenSSL or LibreSSL as required. Both could be installed on the same system. However, base packages should only include LibreSSL. Do not include OpenSSL in the base system.
_Maintainer choice, including base system - both in base system_
5. Merge OpenSSL. Allow packages to depend upon it, and optionally drop LibreSSL specific patches. Packages, including base packages, are allowed to pull in either of OpenSSL or LibreSSL as required. Both could be installed on the same system - and both will be installed as part of the base system.
_Maintainer choice, but OpenSSL for base system_
6. Merge OpenSSL. Convert all base system packages to use OpenSSL only (including xbps).  Allow packages to depend upon it, and optionally drop LibreSSL specific patches. Base system should only use OpenSSL. Both could be installed on the same system, but only OpenSSL will be in the base system. Maintainers can still choose to use LibreSSL, and most software can continue to do so (ex. base system).
_User choice, first-class support for OpenSSL; LibreSSL not well supported_
7. Merge OpenSSL. Convert all base system packages to use OpenSSL only (including xbps). All packages must work with OpenSSL - make this a priority - but not all have to work with LibreSSL. Include OpenSSL in the base system, and make it the default. Maintainers must use OpenSSL.
_OpenSSL only; no LibreSSL_
8. Merge OpenSSL. Convert all packages to use OpenSSL only. All packages must work with OpenSSL. Roadmap for LibreSSL to be removed from the repositories.

6 is likely to end up at 7 eventually.

I, personally, would hate 7 or 8. My opinion is 4. 3 and 5 would create too much maintainer work, 6 would lead to an extreme drop of support of LibreSSL in general, and would eventually lead to 7. 1, 2 and 3 I would also be happy with (but 3 would create poor maintainership).

I would strongly recommend against 2 and 7 because all it's going to add is complex, dodgy code, broken software, and worse packaging.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (84 preceding siblings ...)
  2020-04-23  7:59 ` fosslinux
@ 2020-04-23  8:23 ` travankor
  2020-04-23 10:25 ` Duncaen
                   ` (21 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-04-23  8:23 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 615 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-612701546

Comment:
Another advantage: OpenSSL is switching to a license OpenBSD considers [non-free](https://www.openbsd.org/policy.html) (Apache-2.0, which Void considers free). This means the codebase between openssl and libressl is more likely to diverge.

I think having better software (ie: haskell ssl library keeps breaking with libressl) and hardware support (ie: aarch64 crypto acceleration) is more useful for Void than security (not that openssl is super insecure these days).

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (85 preceding siblings ...)
  2020-04-23  8:23 ` travankor
@ 2020-04-23 10:25 ` Duncaen
  2020-04-23 10:29 ` Duncaen
                   ` (20 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Duncaen @ 2020-04-23 10:25 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 255 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618319932

Comment:
Running both is not an option; all reverse dependencies need to use the same one, otherwise we get runtime errors.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (86 preceding siblings ...)
  2020-04-23 10:25 ` Duncaen
@ 2020-04-23 10:29 ` Duncaen
  2020-04-23 11:19 ` q66
                   ` (19 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Duncaen @ 2020-04-23 10:29 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 396 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618319932

Comment:
Running both is not an option; all reverse dependencies need to use the same one, otherwise we get runtime errors.

Edit: Excluding the few limited cases that require libtls. A per package decision on using libressl or openssl is a logistical nightmare.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (87 preceding siblings ...)
  2020-04-23 10:29 ` Duncaen
@ 2020-04-23 11:19 ` q66
  2020-04-23 11:20 ` constptr
                   ` (18 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-23 11:19 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 345 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618344090

Comment:
Mixing libressl and openssl in one system is a recipe for disaster as they share symbols.

Also, sticking primarily with libressl does not solve the problem of the experience being poor outside of x86_64.

^ permalink raw reply	[flat|nested] 109+ messages in thread
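
The mixed-linkage problem raised in the two comments above (a process that ends up loading both an OpenSSL and a LibreSSL `libcrypto`/`libssl`) can be checked for from `shlib-requires` listings. The following is an added example, not part of the thread or of Void's tooling: it parses lines in the shape `xbps-query` prints earlier in this thread and reports each package whose dependency chain reaches both implementations. The `demo-*` packages, their sonames, the provider map and the LibreSSL `libcrypto`/`libssl` soname numbers are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# One line of `xbps-query -p shlib-requires` style output: "pkgver: soname (repo)".
LINE_RE = re.compile(r"^(?P<pkgver>\S+): (?P<soname>\S+)(?: \((?P<repo>[^)]*)\))?$")

# Sonames that identify each implementation. libtls.so.19 is taken from the
# thread; the LibreSSL libcrypto/libssl numbers are assumed for illustration.
TLS_FAMILY = {
    "libcrypto.so.1.1": "openssl",
    "libssl.so.1.1": "openssl",
    "libcrypto.so.45": "libressl",
    "libssl.so.47": "libressl",
    "libtls.so.19": "libressl",
}

# Constructed sample input. The first two package lines are quoted in the
# thread; every demo-* package and libdemo-* soname is hypothetical.
SAMPLE_REQUIRES = """\
[user@host ~]$ xbps-query -Rs lib -p shlib-requires
acme-client-0.1.16_4: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
libressl-3.0.2_2: libtls.so.19 (/mnt/storage/hostdir/binpkgs)
demo-qtnet-1.0_1: libssl.so.1.1 (constructed)
demo-qtnet-1.0_1: libcrypto.so.1.1 (constructed)
demo-fetch-2.0_3: libssl.so.47 (constructed)
demo-fetch-2.0_3: libcrypto.so.45 (constructed)
demo-browser-0.9_1: libdemo-qtnet.so.1 (constructed)
demo-browser-0.9_1: libdemo-fetch.so.2 (constructed)
"""

# Constructed soname -> providing package map (what shlib-provides would give).
SAMPLE_PROVIDES = {
    "libtls.so.19": "libressl",
    "libdemo-qtnet.so.1": "demo-qtnet",
    "libdemo-fetch.so.2": "demo-fetch",
}


def parse_requires(text):
    """Return {pkgname: {sonames}}; shell prompts and other noise are skipped."""
    requires = defaultdict(set)
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        # pkgver is "name-version_revision"; the name is everything before
        # the last hyphen.
        pkgname = match.group("pkgver").rsplit("-", 1)[0]
        requires[pkgname].add(match.group("soname"))
    return dict(requires)


def tls_families(pkg, requires, provides):
    """Map each TLS implementation reachable from pkg to one load chain.

    Breadth-first walk over package -> soname -> providing package, so the
    reported chain is a shortest one and explains where the library comes from.
    """
    found = {}
    seen = {pkg}
    queue = deque([(pkg, [pkg])])
    while queue:
        current, chain = queue.popleft()
        for soname in sorted(requires.get(current, ())):
            family = TLS_FAMILY.get(soname)
            if family and family not in found:
                found[family] = chain + [soname]
            provider = provides.get(soname)
            if provider and provider not in seen:
                seen.add(provider)
                queue.append((provider, chain + [soname, provider]))
    return found


def mixed_packages(requires, provides):
    """Return {pkg: {family: chain}} for packages reaching more than one family."""
    mixed = {}
    for pkg in sorted(requires):
        families = tls_families(pkg, requires, provides)
        if len(families) > 1:
            mixed[pkg] = families
    return mixed


if __name__ == "__main__":
    reqs = parse_requires(SAMPLE_REQUIRES)
    for pkg, families in mixed_packages(reqs, SAMPLE_PROVIDES).items():
        print(f"{pkg}: loads more than one TLS implementation")
        for family, chain in sorted(families.items()):
            print(f"  {family}: {' -> '.join(chain)}")
```

Only the transitive case is flagged here: each `demo-*` library is consistent on its own, and the conflict appears in the package that links both of them.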

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (88 preceding siblings ...)
  2020-04-23 11:19 ` q66
@ 2020-04-23 11:20 ` constptr
  2020-04-24  6:34 ` Ypnose
                   ` (17 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: constptr @ 2020-04-23 11:20 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

New comment by constptr on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618174090

Comment:
I am not experienced/eligible to comment, but what about alternative SSL implementations like wolfssl (claims openssl compatibility) and GNU-TLS?

Openssl can avoid much manual patching though.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (89 preceding siblings ...)
  2020-04-23 11:20 ` constptr
@ 2020-04-24  6:34 ` Ypnose
  2020-04-24  7:32 ` the-maldridge
                   ` (16 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Ypnose @ 2020-04-24  6:34 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 182 bytes --]

New comment by Ypnose on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618830213

Comment:
Please, can you elaborate on your comment?

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (90 preceding siblings ...)
  2020-04-24  6:34 ` Ypnose
@ 2020-04-24  7:32 ` the-maldridge
  2020-04-24 14:01 ` q66
                   ` (15 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: the-maldridge @ 2020-04-24  7:32 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 612 bytes --]

New comment by the-maldridge on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-618853743

Comment:
I believe q66 is referring to openssl containing large amounts of hand optimized assembly for both modern and long dead platforms which accelerates certain arithmetic functions.  LibreSSL works primarily on x86_64.

Perhaps a better question to ask about this is why Void is seeing poor performance on non-x86 platforms.  OpenBSD builds on a number of different targets, and there aren't reports of poor performance that I'm aware of from a very cursory search.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (91 preceding siblings ...)
  2020-04-24  7:32 ` the-maldridge
@ 2020-04-24 14:01 ` q66
  2020-04-24 16:48 ` q66
                   ` (14 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-24 14:01 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 706 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-619029088

Comment:
@the-maldridge It's not just about hand optimized, it's also about access to hardware crypto, which libressl outside of x86_64 does not have, which results in significantly poorer throughput

1) openbsd builds a lot fewer targets than Linux, e.g. they don't have 64-bit ppc of any kind
2) people using openbsd don't care about performance a whole lot, e.g. there is still no reasonable SMP in openbsd
3) openbsd still uses the perl infra from openssl to generate asm for targets they build, while libressl-portable just has the x86_64 ones generated ahead of time

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (92 preceding siblings ...)
  2020-04-24 14:01 ` q66
@ 2020-04-24 16:48 ` q66
  2020-04-27 20:31 ` Vaelatern
                   ` (13 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: q66 @ 2020-04-24 16:48 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 309 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-619125471

Comment:
I ran some tests on ppc64le for comparison: https://gist.githubusercontent.com/q66/4f4dc63565cdfafb10c6dde1d3067648/raw/8d2243c22324212af35d3133455c0c7067ab088f/bench.txt

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (93 preceding siblings ...)
  2020-04-24 16:48 ` q66
@ 2020-04-27 20:31 ` Vaelatern
  2020-04-30 21:38 ` CameronNemo
                   ` (12 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Vaelatern @ 2020-04-27 20:31 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 698 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-620217990

Comment:
Should note that dfly, an OS that cares a lot about SMP, does use libressl, but they are only x86_64.

It may be that openssl is no longer the tire fire it was when Void Linux switched. More importantly, it may be that adoption of OpenSSL is more in line with Void's philosophy than staying on LibreSSL.

But there is about to be a new LibreSSL release. I'd propose that we wait for that release and the rebuild following before we make a decision, to see if things are better or diverging openssl and libressl APIs are making things so much worse.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (94 preceding siblings ...)
  2020-04-27 20:31 ` Vaelatern
@ 2020-04-30 21:38 ` CameronNemo
  2020-05-01 17:59 ` marmeladema
                   ` (11 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: CameronNemo @ 2020-04-30 21:38 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 272 bytes --]

New comment by CameronNemo on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-622128466

Comment:
Regarding libtls, we may have an option in this library (note: I have not vetted this):

https://sr.ht/~mcf/libtls-bearssl/

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (95 preceding siblings ...)
  2020-04-30 21:38 ` CameronNemo
@ 2020-05-01 17:59 ` marmeladema
  2020-05-01 18:08 ` marmeladema
                   ` (10 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: marmeladema @ 2020-05-01 17:59 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 428 bytes --]

New comment by marmeladema on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-622494812

Comment:
By the way, a new release of LibreSSL has been out since early April:
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0-relnotes.txt
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz.asc

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (96 preceding siblings ...)
  2020-05-01 17:59 ` marmeladema
@ 2020-05-01 18:08 ` marmeladema
  2020-05-04  3:56 ` concatime
                   ` (9 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: marmeladema @ 2020-05-01 18:08 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 502 bytes --]

New comment by marmeladema on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-622494812

Comment:
By the way, a new release of LibreSSL has been out since early April:
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0-relnotes.txt
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz
* https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz.asc

Well ... apparently it's not a stable version. Sorry for the confusion.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (97 preceding siblings ...)
  2020-05-01 18:08 ` marmeladema
@ 2020-05-04  3:56 ` concatime
  2020-05-04  3:56 ` concatime
                   ` (8 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: concatime @ 2020-05-04  3:56 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245515

Comment:
@travankor, from the [link](), BearSSL does NOT implement TLS1.3

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (98 preceding siblings ...)
  2020-05-04  3:56 ` concatime
@ 2020-05-04  3:56 ` concatime
  2020-05-04  3:58 ` concatime
                   ` (7 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: concatime @ 2020-05-04  3:56 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245515

Comment:
@travankor, from the [link](), BearSSL does NOT implement TLS1.3

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (99 preceding siblings ...)
  2020-05-04  3:56 ` concatime
@ 2020-05-04  3:58 ` concatime
  2020-05-04  4:00 ` concatime
                   ` (6 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: concatime @ 2020-05-04  3:58 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 387 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245866

Comment:
(https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/)
@travankor, to be fair, BearSSL does [NOT](//bearssl.org/tls13.html) implement TLS 1.3.


^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (100 preceding siblings ...)
  2020-05-04  3:58 ` concatime
@ 2020-05-04  4:00 ` concatime
  2020-05-04 12:28 ` travankor
                   ` (5 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: concatime @ 2020-05-04  4:00 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 479 bytes --]

New comment by concatime on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623245866

Comment:
(https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/)
@travankor, to be fair, BearSSL does [NOT](//bearssl.org/tls13.html) implement TLS 1.3.

It would have been cool if they also tested [MatrixSSL](//github.com/matrixssl/matrixssl).

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (101 preceding siblings ...)
  2020-05-04  4:00 ` concatime
@ 2020-05-04 12:28 ` travankor
  2020-05-15 19:48 ` imrn
                   ` (4 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: travankor @ 2020-05-04 12:28 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 395 bytes --]

New comment by travankor on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-623434182

Comment:
@concatime I only suggested to xtraeme that he consider a bearssl backend for xbps. Since he's gone, it's up to the community to decide.

I doubt anyone would port xbps to MatrixSSL, given that it changes the effective license of the derived work.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (102 preceding siblings ...)
  2020-05-04 12:28 ` travankor
@ 2020-05-15 19:48 ` imrn
  2020-05-15 20:55 ` Vaelatern
                   ` (3 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: imrn @ 2020-05-15 19:48 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 190 bytes --]

New comment by imrn on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-629448469

Comment:
#21994: Is it related to libressl? Any comments?

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (103 preceding siblings ...)
  2020-05-15 19:48 ` imrn
@ 2020-05-15 20:55 ` Vaelatern
  2020-05-15 20:55 ` Vaelatern
                   ` (2 subsequent siblings)
  107 siblings, 0 replies; 109+ messages in thread
From: Vaelatern @ 2020-05-15 20:55 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 163 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-629478596

Comment:
@imrn not related.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (104 preceding siblings ...)
  2020-05-15 20:55 ` Vaelatern
@ 2020-05-15 20:55 ` Vaelatern
  2020-07-30 15:02 ` marmeladema
  2020-07-31  0:34 ` fosslinux
  107 siblings, 0 replies; 109+ messages in thread
From: Vaelatern @ 2020-05-15 20:55 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 172 bytes --]

New comment by Vaelatern on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-629478596

Comment:
@imrn probably not related.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (105 preceding siblings ...)
  2020-05-15 20:55 ` Vaelatern
@ 2020-07-30 15:02 ` marmeladema
  2020-07-31  0:34 ` fosslinux
  107 siblings, 0 replies; 109+ messages in thread
From: marmeladema @ 2020-07-30 15:02 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 443 bytes --]

New comment by marmeladema on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-666429462

Comment:
Has any consensus been reached?
On a personal note, I am starting to struggle using Void Linux on a daily basis because more and more things rely on recent protocols/algorithms not provided by libressl. For example, I have to either build openssl/cURL myself or rely on a docker version of cURL.

^ permalink raw reply	[flat|nested] 109+ messages in thread

* Re: [RFC] Switching back to OpenSSL
  2020-04-12 21:44 [ISSUE] [RFC] Switching back to OpenSSL Johnnynator
                   ` (106 preceding siblings ...)
  2020-07-30 15:02 ` marmeladema
@ 2020-07-31  0:34 ` fosslinux
  107 siblings, 0 replies; 109+ messages in thread
From: fosslinux @ 2020-07-31  0:34 UTC (permalink / raw)
  To: ml


[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-666828682

Comment:
What is the issue with cURL?

^ permalink raw reply	[flat|nested] 109+ messages in thread
