Skip to main content
Topic: LibreSSL (Read 1973 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

LibreSSL

Hi!

Has the transition to LibreSSL ever been considered?

Do you think could be possible?

Thank you, cheers

Re: LibreSSL

Reply #1
Possible, maybe. But I personally won't consider it.

1. There are several packages that can't be built with LibreSSL and require patches. We'll have to maintain those ourselves.

2. We're still have some dependencies on Arch packages, and those packages are built with OpenSSL.
now only the dinit guy in artix

Re: LibreSSL

Reply #2
Guys from OpenSMTPD got sick of trying to support OpenSSL and switched to LibreSSL exclusively, effectively the freshest OpenSMTPD version requires LibreSSL, while I'm (we're) stuck on 6.0.3p1-3. What would break if I were to replace OpenSSL with LibreSSL?

Re: LibreSSL

Reply #3
LibreSSL is not as a drop-in replacement for OpenSSL as it would like and many a thing would break if the latter were completely removed. Plus, the latter has gotten considerably higher quality support since the Heartbleed CVE. Read also Alpine's decision to switch back to OpenSSL:
http://lists.alpinelinux.org/alpine-devel/6073.html
http://lists.alpinelinux.org/alpine-devel/6308.html

Re: LibreSSL

Reply #4
If you do
Code: [Select]
# pacman -R openssl

then it will tell you what is installed that depends on it. Perhaps you could create modified pkgbuilds of them for libressl. Looking at openssl things also revealed I had a surplus openssl-1.0 package installed. This used to be a dependency of wpa-supplicant but is not used any more, and I was able to remove it. So that was a helpful side effect of reading this discussion, thanks!  :D

 

Re: LibreSSL

Reply #5
Quote
then it will tell you what is installed that depends on it.

To see what packages requires given package you can run:

Code: [Select]
pacman -Qi <package>

Example, with small helper:
Code: [Select]
pacman -Qi openssl | grep -i required