update openssl port

Duss Pirmin pirmin.duss at gapfruit.com
Thu Dec 17 09:10:44 CET 2020


Hi Genodians

On December 08, 2020, the openssl project issued a security advisory
(https://www.openssl.org/news/secadv/20201208.txt).

I started looking into bringing the latest version of openssl (1.1.1i) to
Genode. I have a first version of the library that compiles on x86_64.

When I started testing components I encountered the following things:
 - `wpa_supplicant` (wifi driver) compiles, but running it fails due to
a symbol the dynamic linker can't find
 - `lighttpd` compiles, but running it fails due to a symbol the dynamic
linker can't find
 - `libssh` doesn't compile (it looks as if it uses data structures that
were moved to internal only in version 1.1.x of openssl)
 - `openvpn` (repo genode-world) doesn't compile (it looks as if it uses
data structures that were moved to internal only in version 1.1.x of
openssl)
 - `grpc` (repo genode-world) compiles with some warnings about using
deprecated functions
 - `grpc_tls/client` and `grpc_tls/server` (repo genode-world) can be built

I'm thinking about how to proceed with this. One way that I see is to
create a separate port (e.g. `openssl_1.1`) that provides the updated
library. Then each component can choose to use the old or the new
version of the library. When a component (or library) is updated, one
can choose to switch to the new library if it is supported. In the long
run the old version of openssl could then be removed once all users of
it have switched.

Do you agree with proceeding according to this plan or would you
approach this differently?

Best regards,
Pirmin


