cURL with openSSL 1.1.1 version

Wed Mar 20 11:40:10 UTC 2019

Ubuntu released any libssl development package already for openssl 1.1.1? I want to download package internally, I don’t want to download openssl and build it externally.

Right now “sudo apt install libssl-dev” installs openssl1.1.0g version, like this any command to install openssl 1.1.1??

Thanks and Regards,
SWAMY J S

From: Nicola <nic.tuv at gmail.com>
Sent: Tuesday, March 19, 2019 2:22 PM
To: Swamy J-S <swamy.j-s at in.abb.com>
Cc: openssl-users at openssl.org
Subject: Re: cURL with openSSL 1.1.1 version

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Currently Ubuntu 18.04 ships with OpenSSL 1.1.0 (https://packages.ubuntu.com/bionic/openssl<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpackages.ubuntu.com%2Fbionic%2Fopenssl&data=02%7C01%7Cswamy.j-s%40in.abb.com%7Ca64a60a8f0064a43ce5708d6ac48387f%7C372ee9e09ce04033a64ac07073a91ecd%7C0%7C0%7C636885823518561215&sdata=0nV1nWV7fC5GIwUDLLgidRS7u4LOSA%2Fiijni43%2F8beM%3D&reserved=0>) and official Ubuntu packages depending on OpenSSL link against this version.

1.1.0 will be EOL in September, and after that the decision on which level of support to provide depends on the Ubuntu project and their development strategies.

1.1.1 was designed to minimize breaking changes coming from 1.1.0, so existing applications shouldn't require major changes for the existing functionality, but ultimately it will be Ubuntu decision if they are going to maintain their fork of 1.1.0 after upstream EOL or to upgrade to 1.1.1

If you are compiling your own application disregarding the distribution maintainers decisions, you are free to compile and link against your own version of openssl and to the best of my knowledge recent versions of curl will not create any issue when compiling against 1.1.1

If you have your own code using the OpenSSL API directly and have not updated since 1.0.2, some changes will most likely be required as since 1.1.0 most structs are opaque and you need to use accessors to get and set their members.

Best regards,

Nicola Tuveri

On Tue, Mar 19, 2019, 09:56 Swamy J-S <swamy.j-s at in.abb.com<mailto:swamy.j-s at in.abb.com>> wrote:
Hi,

Currently am working with curl 7.58 and openssl 1.0.2 in ubuntu 18.04.

As openssl 1.0.2 support will end this year, I want to upgrade my openssl to 1.1.1 branch.

Right now my code uses curl library with libcurl4 and gnuTLS as SSL backend. Am using many curl options such as CURLOPT_SSL_VERIFYPEER , CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

If I upgrade openssl to 1.1.1 then all these curl options will be working fine? Or should I upgrade curl and other things also?? If you have any document or release notes regarding this the please let me know.

Regards,
SWAMY J S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190320/5525a8b3/attachment-0001.html>