FS#59734 - [ipsec-tools] openssl-1.1 support

Attached to Project: Community Packages
Opened by Geert Hendrickx (ghen) - Tuesday, 21 August 2018, 09:55 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 20 January 2020, 17:47 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

ipsec-tools is one of the packages that still depend on openssl-1.0.

I pulled a patch for openssl-1.1 support from the ipsec-tools mailing list: https://sourceforge.net/p/ipsec-tools/mailman/message/36330294/

The attached diff integrates this patch into the Arch package.

Unfortunately, there was no response from upstream so far - the project seems quite dead - so no guarantee this will ever be integrated upstream...

If you decide against including a 3rd party patch, I propose an alternative solution as well:

Since only the racoon component of ipsec-tools links to libcrypto, openssl-1.0 could be moved into optdepends (and makedepends), so you can avoid installing openssl-1.0 if you don't need racoon for dynamic key management (like me, I only use static keys). Or racoon could be split into a separate package, but that's probably too drastic. Either way, it will have to move on to openssl 1.1 eventually, so this is not a long term solution.

This task depends upon

Closed by  Sergej Pupykin (sergej)
Monday, 20 January 2020, 17:47 GMT
Reason for closing:  Won't implement
Comment by Geert Hendrickx (ghen) - Tuesday, 21 August 2018, 09:55 GMT
optdepends diff

(Strictly speaking, krb5 could then move to optdepends as well, as again only racoon is linked to it, but krb5 is a very common depedency unlike openssl-1.0)
Comment by Geert Hendrickx (ghen) - Tuesday, 21 August 2018, 14:23 GMT
Actually I just found an alternative for my static keys & policies, these can be manipulated directly with bare iproute2: ip-xfrm(8)
So I got rid of ipsec-tools altogether.

racoon users should probably look into actively maintained alternatives like strongswan.
Comment by Sergej Pupykin (sergej) - Monday, 20 January 2020, 17:47 GMT
moved to aur

Loading...