FS#59734 - [ipsec-tools] openssl-1.1 support
Attached to Project:
Community Packages
Opened by Geert Hendrickx (ghen) - Tuesday, 21 August 2018, 09:55 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 20 January 2020, 17:47 GMT
Opened by Geert Hendrickx (ghen) - Tuesday, 21 August 2018, 09:55 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 20 January 2020, 17:47 GMT
|
Details
ipsec-tools is one of the packages that still depend on
openssl-1.0.
I pulled a patch for openssl-1.1 support from the ipsec-tools mailing list: https://sourceforge.net/p/ipsec-tools/mailman/message/36330294/ The attached diff integrates this patch into the Arch package. Unfortunately, there was no response from upstream so far - the project seems quite dead - so no guarantee this will ever be integrated upstream... If you decide against including a 3rd party patch, I propose an alternative solution as well: Since only the racoon component of ipsec-tools links to libcrypto, openssl-1.0 could be moved into optdepends (and makedepends), so you can avoid installing openssl-1.0 if you don't need racoon for dynamic key management (like me, I only use static keys). Or racoon could be split into a separate package, but that's probably too drastic. Either way, it will have to move on to openssl 1.1 eventually, so this is not a long term solution. |
This task depends upon
Closed by Sergej Pupykin (sergej)
Monday, 20 January 2020, 17:47 GMT
Reason for closing: Won't implement
Monday, 20 January 2020, 17:47 GMT
Reason for closing: Won't implement
(Strictly speaking, krb5 could then move to optdepends as well, as again only racoon is linked to it, but krb5 is a very common depedency unlike openssl-1.0)
So I got rid of ipsec-tools altogether.
racoon users should probably look into actively maintained alternatives like strongswan.