[gentoo-dev] non conflicting libressl?

[gentoo-dev] non conflicting libressl?

[Jason A. Donenfeld]

Hey,

For a long time now, OpenSMTPD stopped supporting OpenSSL, only
supporting LibreSSL. For that reason Gentoo's opensmtpd ebuild is
stuck on the 6.0 version. I'm not happy about this.

It looks like other distros solve this by allowing libressl to install
its libraries to /usr/lib/libressl or similar, so that they can
coexist with openssl, allowing programs like OpenSMTPD.

Any libressl developers interested in this sort of thing?

Jason

Re: [gentoo-dev] non conflicting libressl?

[Marcel Schilling]

Hey Jason,


I'd be surprised if anyone felt like having too much time at there hands to
pick this up but I come from the other side (I use libressl and sometimes
run into packages expecting openssl).
One thing I was wondering is if there is something like slot support for
virtuals that would allow most packages depending on any slot but others
on a specific slot.

Personally I don't have the knowledge to tackle a problem like this and
rather keep on patching openssl-only ebuilds to work with libressl or miss
out on packages/updates until somebody else get's to solving this.


Best,

Marcel


On Wed, Jan 29, 2020 at 10:27:04AM +0100, Jason A. Donenfeld wrote:
> Hey,
> 
> For a long time now, OpenSMTPD stopped supporting OpenSSL, only
> supporting LibreSSL. For that reason Gentoo's opensmtpd ebuild is
> stuck on the 6.0 version. I'm not happy about this.
> 
> It looks like other distros solve this by allowing libressl to install
> its libraries to /usr/lib/libressl or similar, so that they can
> coexist with openssl, allowing programs like OpenSMTPD.
> 
> Any libressl developers interested in this sort of thing?
> 
> Jason

Re: [gentoo-dev] non conflicting libressl?

[Patrick Steinhardt]

[-- Attachment #1: Type: text/plain, Size: 1313 bytes --]

On Wed, Jan 29, 2020 at 10:27:04AM +0100, Jason A. Donenfeld wrote:
> For a long time now, OpenSMTPD stopped supporting OpenSSL, only
> supporting LibreSSL. For that reason Gentoo's opensmtpd ebuild is
> stuck on the 6.0 version. I'm not happy about this.

I've got OpenSMTPD v6.6.2-p1 running on Gentoo with OpenSSL 1.1
without any patches or problems whatsoever. So while upstream
encourages to use LibreSSL, OpenSSL is still supported by
OpenSMTPD. Quoting their CHANGES.md:

    It's preferable to depend on LibreSSL as OpenSMTPD is written
    and tested with that dependency. In addition, the features
    parity is not respected, some features will not be available
    with OpenSSL, like ECDSA server-side certificates support in
    this release. OpenSSL library is considered as a best effort
    target TLS library and provided as a commodity, LibreSSL has
    become our target TLS library.

So as long as you don't require any features implemented with
libressl, only, you should be fine.

> It looks like other distros solve this by allowing libressl to install
> its libraries to /usr/lib/libressl or similar, so that they can
> coexist with openssl, allowing programs like OpenSMTPD.
> 
> Any libressl developers interested in this sort of thing?
> 
> Jason

Patrick

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]