This is the mail archive of the cygwin-announce mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

openssl 1.1.1b-1

From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
To: cygwin-announce at cygwin dot com
Date: Sun, 17 Mar 2019 20:30:38 -0400
Subject: openssl 1.1.1b-1
Reply-to: The Cygwin Mailing List <cygwin at cygwin dot com>

The following packages have been uploaded to the Cygwin distribution:

* openssl-1.1.1b-1
* openssl-perl-1.1.1b-1
* libssl1.1-1.1.1b-1
* libssl-devel-1.1.1b-1
* libssl1.0-1.0.2r-2
* libssl1.0-devel-1.0.2r-2

The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

This is a major update to the latest upstream release, which includes 
the following changes:

* 1.1 changes the API to make data structures opaque to applications. By 
now, most active projects have updated their code for 1.1 compatibility, 
which is why we waited until now to switch to the 1.1 branch.  If you 
have code that still needs to be ported, the following may be of help:

https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes

* Most of Fedora's patchset has been applied.

* The /usr/ssl directory has been replaced by /etc/pki/tls.  In that 
directory, there are two separate config files, openssl.cnf for 1.1 and 
openssl10.conf for 1.0.

* Due to this change, ca-certificates 2.26 is required.

* Support for system crypto policies has been enabled.

* The upstream location of engines has changed for 1.1, and 1.0 has moved
for consistency.  This should be mostly transparent, except for users which
have built their own engines, which should now be rebuilt anyway.

* The 1.0 library is still provided for binary compatibility with existing 
packages.

* For those (hopefully rare) packages which are not compatible with 1.1 
and for which such a patch cannot be found, a -devel package for 1.0 is 
also available.  In order to use it, when pkg-config is used to find 
openssl, you must add /usr/lib/openssl-1.0/lib/pkgconfig to PKG_CONFIG_PATH, 
otherwise you must add /usr/lib/openssl-1.0/include to your includepath and 
/usr/lib/openssl-1.0/lib to your libpath.  (The exact method will depend on 
the package.)

However, please note that 1.0 will only be supported with security fixes 
for the remainder of the calendar year, so now is the time to rebuild 
your code and packages with, or port them to, 1.1.

--
Yaakov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]