Change History (22)

comment:1 Changed 2 years ago by jmroot (Joshua Root)

PyPy will not build against OpenSSL 1.1 at this point, JFYI.

comment:2 Changed 2 years ago by ryandesign (Ryan Schmidt)

Cc: cal@… added; cal@… removed

comment:3 in reply to:  1 Changed 2 years ago by jmroot (Joshua Root)

Replying to jmroot:

PyPy will not build against OpenSSL 1.1 at this point, JFYI.

Fixed as of PyPy 5.6.

comment:4 Changed 21 months ago by l2dy (Zero King)

Cc: l2dy added

comment:5 Changed 20 months ago by Schamschula (Marius Schamschula)

Cc: Schamschula added

comment:6 Changed 11 months ago by mf2k (Frank Schima)

Any update on this?

It is needed for #54734.

comment:7 Changed 11 months ago by neverpanic (Clemens Lang)

@larryv, any opinion on this? I think we should be good to update now. Software that hasn't been fixed to work with OpenSSL 1.1 by now is probably rare.

comment:8 Changed 9 months ago by mf2k (Frank Schima)

Cc: 1st1 added

Has duplicate #55755.

comment:9 Changed 9 months ago by 1st1 (Yury Selivanov)

Python 3.7 requires OpenSSL 1.1. It's not possible to build it with ssl support and OpenSSL 1.0.2.

comment:10 Changed 9 months ago by 1st1 (Yury Selivanov)

Nevermind, Python 3.7 compiles with OpenSSL 1.0.2n. Just use "./configure --with-openssl=/opt/local/"

comment:11 Changed 7 months ago by gaming-hacker (G Alexander)

i started hacking on the portfile but there are errors trying to copy one of the headers. if you add the rfc variant, it doesn't build

version 1.1.0g checksums sha1 e8240a8be304d4317a750753321b073c664bfdd4 \

sha256 de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af

comment:12 Changed 7 months ago by gaming-hacker (G Alexander)

has anyone experimented with sha3? encoding a video stream? using it over a tor socket?

comment:13 Changed 3 months ago by aque (Allan Que)

Cc: aque added

comment:14 Changed 3 months ago by aque (Allan Que)

I got version 1.1.0h to build on my branch and tests passed under High Sierra. py35-m2crypto (a port I maintain) also passed its tests. However, the following failed to rev-upgrade on my system:

  • cyrus-sasl2 - requires a backport from 2.1.27-rc7
  • rtmpdump
  • cargo / cargo-stage1

xar also failed but I found and applied a patch. The others are beyond my ability. I did find a FreeBSD issues wikipage that helps.

comment:15 Changed 6 weeks ago by yan12125 (Chih-Hsuan Yen)

Cc: yan12125 added

comment:16 Changed 6 weeks ago by yan12125 (Chih-Hsuan Yen)

comment:17 Changed 6 weeks ago by mf2k (Frank Schima)

Summary: openssl @1.0.2h_1: update to 1.1.0openssl @1.0.2h_1: update to 1.1.1

comment:18 Changed 6 weeks ago by pmetzger (Perry E. Metzger)

Re: the 1.1.1 release:

We are on the previous LTS which only has support to the end of this calendar year, and it will take a while to upgrade, so it might make sense to begin the work now so that we can do it at a reasonable pace. 1.1.1 also is the first release with TLS 1.3 support, which we likely really really want.

comment:19 Changed 6 weeks ago by pmetzger (Perry E. Metzger)

Cc: pmetzger added

comment:20 Changed 6 weeks ago by alexwhitewhale (Alexander Romanovich)

Cc: alexwhitewhale added

comment:21 Changed 6 weeks ago by yan12125 (Chih-Hsuan Yen)

Some old software will never get OpenSSL 1.1 compatibility as they have been dropped upstream before OpenSSL 1.1.0 is released. Examples are Python 2.x < 2.7 and 3.x < 3.5 (1). If MacPorts switches to OpenSSL 1.1, what to do with those ports? IMO backporting is not an option for old Python versions as the patch is quite big.

In Arch Linux, OpenSSL 1.0 and 1.1 co-exist, and old packages are built against OpenSSL 1.0. An issue in such an approach is that OpenSSL 1.0 should be built with versioned symbols (2) so that there are no conflicts if a program (directly or indirectly) links to both OpenSSL 1.0 and 1.1. I'm not sure if it's a problem or not in macOS/Mach-O.

(1) https://bugs.python.org/issue26470

(2) https://git.archlinux.org/svntogit/packages.git/tree/trunk/openssl-1.0-versioned-symbols.patch?h=packages/openssl-1.0

comment:22 Changed 6 weeks ago by pmetzger (Perry E. Metzger)

We are dropping support for python below 2.7 already, as well as for python 3 before 3.4. We can start dropping before 3.5 as well.

We could start statically linking other old packages against OpenSSL 1.0 to resolve internal dependencies perhaps? Not sure if it would work. Regardless. we can't support unsupported stuff forever. It's madness in the end.

Note: See TracTickets for help on using tickets.