On Wed, Jan 29, 2020 at 10:27:04AM +0100, Jason A. Donenfeld wrote:
> For a long time now, OpenSMTPD stopped supporting OpenSSL, only
> supporting LibreSSL. For that reason Gentoo's opensmtpd ebuild is
> stuck on the 6.0 version. I'm not happy about this.

I've got OpenSMTPD v6.6.2-p1 running on Gentoo with OpenSSL 1.1
without any patches or problems whatsoever. So while upstream
encourages using LibreSSL, OpenSSL is still supported by
OpenSMTPD. Quoting their CHANGES.md:

It's preferable to depend on LibreSSL as OpenSMTPD is written
and tested with that dependency. In addition, the features
parity is not respected, some features will not be available
with OpenSSL, like ECDSA server-side certificates support in
this release. OpenSSL library is considered as a best effort
target TLS library and provided as a commodity, LibreSSL has
become our target TLS library.

So as long as you don't require any features implemented with
libressl only, you should be fine.

> It looks like other distros solve this by allowing libressl to install
> its libraries to /usr/lib/libressl or similar, so that they can
> coexist with openssl, allowing programs like OpenSMTPD.
>
> Any libressl developers interested in this sort of thing?
>
> Jason

Patrick