Re: HEADSUP maintainers: Change in openssl package requires change in setup.hint

[Corinna Vinschen <corinna-cygwin at cygwin dot com>]

On Jun 24 20:13, Matthias Andree wrote:
> Corinna Vinschen wrote on 2010-06-24:
> >I have no idea about this stuff.  I'm maintaining openssl primarily
> >since it's required for openssh.  If there's anything which isn't
> >fixed upstream, it won't be fixed for Cygwin.  The Cygwin 1.0.0a-1
> >package is from the vanilla sources.  The 0.9.8 runtime libs will
> >only be kept in place until all packages using it have been converted to
> >1.0.0.  I have no incentive to keep old runtime libs indefinitely.
> 
> Then please hold your horses.  Do it wrong and the upgrade breaks
> OpenSSL on lots of installations.
> 
> And: if the upgrade isn't done properly, bug reports about this will
> often be misfiled with the application programmers as regressions.
> <http://www.fetchmail.info/fetchmail-FAQ.html#R14> and
> <http://www.fetchmail.info/> bear testimonies of such misfilings :)
> 
> Here's the short scoop:
> 
> - OpenSSL 1.0.0 uses a different hash for /usr/ssl/certs than 0.9.8
> did, so after the default ssl version is upgraded to 1.0.0, c_rehash
> needs to be run on that directory.

Openssl does not come with any certificate and there's no certificate
package in Cygwin either.  AFAICS it would be sufficient to move to
another ssl directory like, say, /usr/share/ssl instead of /usr/ssl.
The user can copy and rehash any certificates manually, or install
root certificates from scratch for 1.0.0.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat