On 2016-07-28 22:54, Frank Groeneveld wrote:
On Thu, Jul 28, 2016 at 12:54:52PM +0100, Stuart Henderson wrote:
On 2016/07/28 01:02, Tinker wrote:
> On 2016-07-27 16:36, Frank Groeneveld wrote:
> > Attached patch updates wkhtmltopdf to the latest release. Some important
> > security fixes (OpenSSL updates) were added ..
>
> Can't it use the system's LibreSSL version??
>
I'm pretty sure it is, otherwise we wouldn't have needed the
OPENSSL_NO_SSL3 patches.
Yes, it doesn't use the bundled OpenSSL version, sorry for the
confusion. It seems [..]
I understand why Wkhtmltopdf builds its own QT: it needs custom
formatting patches and the like, that the ordinary QT does not have.
Wkhtmltopdf bundling its own OpenSSL sounds not only useless (bc
Wkhtmltopdf does not rely on any custom functionality via patches,
right?), but also dangerous?
After all, OpenSSL is one of the nastiest open-source libraries in
widespread use.
Could Wkhtmltopdf be made to use the OS-bundled LibreSSL instead, do you
see any conceptual problems about doing that?