Hi On 2022-05-27 15:36:53 +0200, Kurt Roeckx wrote: > On Thu, May 26, 2022 at 06:26:57PM +0200, Sebastian Ramacher wrote: > > > > That leaves #1011051. What's your view on that bug? > > So my understanding is that 1.1.1 doesn't understand the new > configuration file and tries to load an engine (instead of a > provider). > > We could ship a file that's comptabile with 1.1.1. That would make it > a little bit harder to load some providers by default, but maybe that's > something you want to do per application anyway.
If that works, let's do that. Otherwise I'd fear that the only other options are openssl breaking libssl1.1 or renaming /etc/ssl/openssl.cnf to have a version specific name. Given the high number reverse dependencies involved in this transition (and also those depending on bin:openssl), I'd prefer to avoid a Breaks that could have the potential to force the libssl1.1 -> libssl3 upgrade to be more of a lockstep transition than needed. Best Sebastian -- Sebastian Ramacher
