Message-ID: <54C2AC87.2020707@gentoo.org>
Date: Fri, 23 Jan 2015 20:18:15 +0000
From: hasufell
To: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [RFC] LibreSSL, introduce virtual/openssl
In-Reply-To: <54C24BAE.6080206@gentoo.org>

Anthony G. Basile:
> On 01/23/15 00:56, Michał Górny wrote:
>> On 2015-01-23, at 01:51:24
>> hasufell wrote:
>>
>>> Regarding the last libav discussion I think we should also go with a
>>> "libressl" USE flag instead of creating a virtual that makes handling
>>> SUBSLOTs impossible.
>> If libressl and openssl would have matching ABIs, that wouldn't be
>> necessary and you could do what virtual/libudev does, i.e. explicit
>> subslot deps.
>>
> *if* I'm not sure they will even though that's the plan. If you look
> in the libressl overlay, you'll see lots of patches to make big ticket
> items like apache play nice with libressl. These patches involve things
> like
>
> +#ifndef HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN
> int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int,
> pem_password_cb *);
> +#else
> + int _SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int,
> pem_password_cb *);
> +#endif
>
> which points to the differences in functions being exported by the
> two. This makes me lean towards a USE flag which can also be tied to
> applying patches rather than a virtual which is better suited for simple
> drop in substitutions.
>

The problem I see now is that people will have a hard time to actually
switch, because unlike gnutls we cannot have openssl and libressl be
installed at the same time. For people to be able to switch we'd have to
add libressl USE flags everywhere, even if we don't know if it builds.
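
Review bot: in the #else branch of the quoted hunk, the renamed prototype _SSL_CTX_use_certificate_chain starts with an underscore at file scope, a form C reserves for the implementation, so a project-prefixed name would be safer. The visible lines also do not show where HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN gets defined or how callers choose between the two names; the configure-time check and the matching call-site changes should be in the same patch, otherwise the guard silently falls through to the first branch and the local declaration can clash with the one the library exports.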