Re: [gentoo-dev] non conflicting libressl?

[Patrick Steinhardt <ps@pks.im>]

[-- Attachment #1: Type: text/plain, Size: 1313 bytes --]

On Wed, Jan 29, 2020 at 10:27:04AM +0100, Jason A. Donenfeld wrote:
> For a long time now, OpenSMTPD stopped supporting OpenSSL, only
> supporting LibreSSL. For that reason Gentoo's opensmtpd ebuild is
> stuck on the 6.0 version. I'm not happy about this.

I've got OpenSMTPD v6.6.2-p1 running on Gentoo with OpenSSL 1.1
without any patches or problems whatsoever. So while upstream
encourages to use LibreSSL, OpenSSL is still supported by
OpenSMTPD. Quoting their CHANGES.md:

    It's preferable to depend on LibreSSL as OpenSMTPD is written
    and tested with that dependency. In addition, the features
    parity is not respected, some features will not be available
    with OpenSSL, like ECDSA server-side certificates support in
    this release. OpenSSL library is considered as a best effort
    target TLS library and provided as a commodity, LibreSSL has
    become our target TLS library.

So as long as you don't require any features implemented with
libressl, only, you should be fine.

> It looks like other distros solve this by allowing libressl to install
> its libraries to /usr/lib/libressl or similar, so that they can
> coexist with openssl, allowing programs like OpenSMTPD.
> 
> Any libressl developers interested in this sort of thing?
> 
> Jason

Patrick

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]