[OE-core] [meta-oe][RFC][PATCH] Remove openssl10
Adrian Bunk
bunk at stusta.de
Fri Apr 26 15:50:38 UTC 2019
On Fri, Apr 26, 2019 at 10:31:03AM -0500, Mark Hatle wrote:
> On 4/26/19 12:12 AM, Adrian Bunk wrote:
> > On Thu, Apr 25, 2019 at 03:18:47PM -0500, Mark Hatle wrote:
> >> On 4/25/19 2:28 PM, Adrian Bunk wrote:
> >>> Would you consider this patch appropriate now that warrior has branched?
> >>
> >> The use of OpenSSL10 as a 'second library' is likely no longer needed. But
> >> OpenSSL 1.0 (as an alternative version) to OpenSSL 1.1 is still needed in some
> >> cases.. (FIPS-140-2)
> >
> > Is anyone actually security-maintaining OpenSSL in OE?
>
> -In- OE? I have no idea.
>
> Outside of OE to meet the OpenSSL-FIPS 'you must not modify the sources and
> follow these exact steps', yes people are.
>...
Why does this need OpenSSL 1.0 in Yocto?
How does this look as OE recipe?
I would say that an OpenSSL-FIPS recipe might now perhaps need an
openssl_1.1.1%.bbappend re-adding the three openssl-conf lines my
patch removes.
Do I miss anything more complicated here?
> --Mark
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
More information about the Openembedded-core
mailing list