On Jun 24 20:13, Matthias Andree wrote: > Corinna Vinschen wrote on 2010-06-24: > >I have no idea about this stuff. I'm maintaining openssl primarily > >since it's required for openssh. If there's anything which isn't > >fixed upstream, it won't be fixed for Cygwin. The Cygwin 1.0.0a-1 > >package is from the vanilla sources. The 0.9.8 runtime libs will > >only be kept in place until all packages using it have been converted to > >1.0.0. I have no incentive to keep old runtime libs indefinitely. > > Then please hold your horses. Do it wrong and the upgrade breaks > OpenSSL on lots of installations. > > And: if the upgrade isn't done properly, bug reports about this will > often be misfiled with the application programmers as regressions. > <http://www.fetchmail.info/fetchmail-FAQ.html#R14> and > <http://www.fetchmail.info/> bear testimonies of such misfilings :) > > Here's the short scoop: > > - OpenSSL 1.0.0 uses a different hash for /usr/ssl/certs than 0.9.8 > did, so after the default ssl version is upgraded to 1.0.0, c_rehash > needs to be run on that directory.
Openssl does not come with any certificate and there's no certificate package in Cygwin either. AFAICS it would be sufficient to move to another ssl directory like, say, /usr/share/ssl instead of /usr/ssl. The user can copy and rehash any certificates manually, or install root certificates from scratch for 1.0.0. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat
