Description
As openssl version 1.1.1 reaches EOL on September 11. 2023 [1] , we do want to provide an update to a more recent version (3.1.1). See also my posting on the mailing list [2].
The original plan was to provide it as a separate port (openssl3) in parallel to the current one. That way every user of openssl would be able to choose when to update to the new version.
During the creation of a port for the TPM2-openssl [3] provider we discovered, that the original plan might not be realized so easy. The other dependencies (libcurl, libssh) of this component also depend on libcrypto/libssl. Which means, that we also need to update these and their transitive dependencies. This will probably be the case for most components that use openssl. In the end there would be a lot of components/libraries that change.
One way that we see to reduce the number of affected components is to just update the openssl port to use the new version. There will still be some components affected, as with the default -Werror flag the deprecated warnings of the new library will cause compilation errors.
We would be willing in adapt all components/libraries that depend on openssl. We know that at least the following repositories are affected by this:
- genode
- genode-world
- genode-allwinner (WiFi driver)
Maybe some one sees an other solution, which we weren't able to see yet.
[1] https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL
[2] https://lists.genode.org/pipermail/users/2023-July/008777.html
[3] https://github.com/tpm2-software/tpm2-openssl