On 2016-12-03 12:14:38 [+0100], Stefan Fritsch wrote: > On Friday, 2 December 2016 00:16:24 CET Sebastian Andrzej Siewior wrote: > > is there a reason for gridsite not to go for 3.0 (or backport the > > change) and libssl-dev? Apache stays 1.0 but does not expose anything > > SSL related (unless I read #828236 too quick). > > (assuming you meant 1.1 instead of 3.0). Unfortunately, gridsites uses apache > private structures to get to the SSL related stuff and then uses openssl > functions on it. So gridsite absolutely must use the same openssl version as > apache.
I read somewhere that gridsite 3.0 supports openssl 1.1.0. And I read in the apache bug that they no longer depend on openssl headers in their apache dev headers. I had no idea, that apache exposes the SSL struct to their users. Since gridsite depends on curl as well, I am going to chec the curl usage is safe in reard to 1.1.0… Thanks for the info. Sebastian
