Change History (25)

comment:1 Changed 2 years ago by jmroot (Joshua Root)

PyPy will not build against OpenSSL 1.1 at this point, JFYI.

comment:2 Changed 2 years ago by ryandesign (Ryan Schmidt)

Cc: cal@… added; cal@… removed

comment:3 in reply to:  1 Changed 2 years ago by jmroot (Joshua Root)

Replying to jmroot:

PyPy will not build against OpenSSL 1.1 at this point, JFYI.

Fixed as of PyPy 5.6.

comment:4 Changed 2 years ago by l2dy (Zero King)

Cc: l2dy added

comment:5 Changed 23 months ago by Schamschula (Marius Schamschula)

Cc: Schamschula added

comment:6 Changed 14 months ago by mf2k (Frank Schima)

Any update on this?

It is needed for #54734.

comment:7 Changed 14 months ago by neverpanic (Clemens Lang)

@larryv, any opinion on this? I think we should be good to update now. Software that hasn't been fixed to work with OpenSSL 1.1 by now is probably rare.

comment:8 Changed 12 months ago by mf2k (Frank Schima)

Cc: 1st1 added

Has duplicate #55755.

comment:9 Changed 12 months ago by 1st1 (Yury Selivanov)

Python 3.7 requires OpenSSL 1.1. It's not possible to build it with ssl support and OpenSSL 1.0.2.

comment:10 Changed 12 months ago by 1st1 (Yury Selivanov)

Nevermind, Python 3.7 compiles with OpenSSL 1.0.2n. Just use "./configure --with-openssl=/opt/local/"

comment:11 Changed 10 months ago by gaming-hacker (G Alexander)

i started hacking on the portfile but there are errors trying to copy one of the headers. if you add the rfc variant, it doesn't build

version             1.1.0g
checksums           sha1    e8240a8be304d4317a750753321b073c664bfdd4 \
                    sha256  de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af
Last edited 2 months ago by ryandesign (Ryan Schmidt) (previous) (diff)

comment:12 Changed 10 months ago by gaming-hacker (G Alexander)

has anyone experimented with sha3? encoding a video stream? using it over a tor socket?

comment:13 Changed 6 months ago by aque (Allan Que)

Cc: aque added

comment:14 Changed 6 months ago by aque (Allan Que)

I got version 1.1.0h to build on my branch and tests passed under High Sierra. py35-m2crypto (a port I maintain) also passed its tests. However, the following failed to rev-upgrade on my system:

  • cyrus-sasl2 - requires a backport from 2.1.27-rc7
  • rtmpdump
  • cargo / cargo-stage1

xar also failed but I found and applied a patch. The others are beyond my ability. I did find a FreeBSD issues wikipage that helps.

comment:15 Changed 4 months ago by yan12125 (Chih-Hsuan Yen)

Cc: yan12125 added

comment:16 Changed 4 months ago by yan12125 (Chih-Hsuan Yen)

comment:17 Changed 4 months ago by mf2k (Frank Schima)

Summary: openssl @1.0.2h_1: update to 1.1.0openssl @1.0.2h_1: update to 1.1.1

comment:18 Changed 4 months ago by pmetzger (Perry E. Metzger)

Re: the 1.1.1 release:

We are on the previous LTS which only has support to the end of this calendar year, and it will take a while to upgrade, so it might make sense to begin the work now so that we can do it at a reasonable pace. 1.1.1 also is the first release with TLS 1.3 support, which we likely really really want.

comment:19 Changed 4 months ago by pmetzger (Perry E. Metzger)

Cc: pmetzger added

comment:20 Changed 4 months ago by alexwhitewhale (Alexander Romanovich)

Cc: alexwhitewhale added

comment:21 Changed 4 months ago by yan12125 (Chih-Hsuan Yen)

Some old software will never get OpenSSL 1.1 compatibility as they have been dropped upstream before OpenSSL 1.1.0 is released. Examples are Python 2.x < 2.7 and 3.x < 3.5 (1). If MacPorts switches to OpenSSL 1.1, what to do with those ports? IMO backporting is not an option for old Python versions as the patch is quite big.

In Arch Linux, OpenSSL 1.0 and 1.1 co-exist, and old packages are built against OpenSSL 1.0. An issue in such an approach is that OpenSSL 1.0 should be built with versioned symbols (2) so that there are no conflicts if a program (directly or indirectly) links to both OpenSSL 1.0 and 1.1. I'm not sure if it's a problem or not in macOS/Mach-O.

(1) https://bugs.python.org/issue26470

(2) https://git.archlinux.org/svntogit/packages.git/tree/trunk/openssl-1.0-versioned-symbols.patch?h=packages/openssl-1.0

comment:22 Changed 4 months ago by pmetzger (Perry E. Metzger)

We are dropping support for python below 2.7 already, as well as for python 3 before 3.4. We can start dropping before 3.5 as well.

We could start statically linking other old packages against OpenSSL 1.0 to resolve internal dependencies perhaps? Not sure if it would work. Regardless. we can't support unsupported stuff forever. It's madness in the end.

comment:23 in reply to:  22 Changed 2 months ago by ryandesign (Ryan Schmidt)

Replying to pmetzger:

We could start statically linking other old packages against OpenSSL 1.0 to resolve internal dependencies perhaps?

Definitely not, for all the usual reasons why we don't static link.

comment:24 Changed 2 months ago by smwardle

Cc: smwardle added

comment:25 Changed 5 weeks ago by dmarteau (David Marteau)

Cc: dmarteau added
Note: See TracTickets for help on using tickets.