cURL with openSSL 1.1.1 version

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

cURL with openSSL 1.1.1 version

Swamy J-S

Hi,

 

Currently am working with curl 7.58 and openssl 1.0.2 in ubuntu 18.04.

 

As openssl 1.0.2 support will end this year, I want to upgrade my openssl to 1.1.1 branch.

 

Right now my code uses curl library with libcurl4 and gnuTLS as SSL backend. Am using many curl options such as CURLOPT_SSL_VERIFYPEER , CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

 

If I upgrade openssl to 1.1.1 then all these curl options will be working fine? Or should I upgrade curl and other things also?? If you have any document or release notes regarding this the please let me know.

 

Regards,

SWAMY J S

Reply | Threaded
Open this post in threaded view
|

Re: cURL with openSSL 1.1.1 version

Nicola
Currently Ubuntu 18.04 ships with OpenSSL 1.1.0 (https://packages.ubuntu.com/bionic/openssl) and official Ubuntu packages depending on OpenSSL link against this version.

1.1.0 will be EOL in September, and after that the decision on which level of support to provide depends on the Ubuntu project and their development strategies.

1.1.1 was designed to minimize breaking changes coming from 1.1.0, so existing applications shouldn't require major changes for the existing functionality, but ultimately it will be Ubuntu decision if they are going to maintain their fork of 1.1.0 after upstream EOL or to upgrade to 1.1.1

If you are compiling your own application disregarding the distribution maintainers decisions, you are free to compile and link against your own version of openssl and to the best of my knowledge recent versions of curl will not create any issue when compiling against 1.1.1

If you have your own code using the OpenSSL API directly and have not updated since 1.0.2, some changes will most likely be required as since 1.1.0 most structs are opaque and you need to use accessors to get and set their members.

Best regards, 

Nicola Tuveri 

On Tue, Mar 19, 2019, 09:56 Swamy J-S <[hidden email]> wrote:

Hi,

 

Currently am working with curl 7.58 and openssl 1.0.2 in ubuntu 18.04.

 

As openssl 1.0.2 support will end this year, I want to upgrade my openssl to 1.1.1 branch.

 

Right now my code uses curl library with libcurl4 and gnuTLS as SSL backend. Am using many curl options such as CURLOPT_SSL_VERIFYPEER , CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

 

If I upgrade openssl to 1.1.1 then all these curl options will be working fine? Or should I upgrade curl and other things also?? If you have any document or release notes regarding this the please let me know.

 

Regards,

SWAMY J S

Reply | Threaded
Open this post in threaded view
|

RE: cURL with openSSL 1.1.1 version

Swamy J-S

Ubuntu released any libssl development package already for openssl 1.1.1? I want to download package internally, I don’t want to download openssl and build it externally.

 

Right now “sudo apt install libssl-dev” installs openssl1.1.0g version, like this any command to install openssl 1.1.1??

 

Thanks and Regards,

SWAMY J S

 

From: Nicola <[hidden email]>
Sent: Tuesday, March 19, 2019 2:22 PM
To: Swamy J-S <[hidden email]>
Cc: [hidden email]
Subject: Re: cURL with openSSL 1.1.1 version

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

Currently Ubuntu 18.04 ships with OpenSSL 1.1.0 (https://packages.ubuntu.com/bionic/openssl) and official Ubuntu packages depending on OpenSSL link against this version.

 

1.1.0 will be EOL in September, and after that the decision on which level of support to provide depends on the Ubuntu project and their development strategies.

 

1.1.1 was designed to minimize breaking changes coming from 1.1.0, so existing applications shouldn't require major changes for the existing functionality, but ultimately it will be Ubuntu decision if they are going to maintain their fork of 1.1.0 after upstream EOL or to upgrade to 1.1.1

 

If you are compiling your own application disregarding the distribution maintainers decisions, you are free to compile and link against your own version of openssl and to the best of my knowledge recent versions of curl will not create any issue when compiling against 1.1.1

 

If you have your own code using the OpenSSL API directly and have not updated since 1.0.2, some changes will most likely be required as since 1.1.0 most structs are opaque and you need to use accessors to get and set their members.

 

Best regards, 

 

Nicola Tuveri 

 

On Tue, Mar 19, 2019, 09:56 Swamy J-S <[hidden email]> wrote:

Hi,

 

Currently am working with curl 7.58 and openssl 1.0.2 in ubuntu 18.04.

 

As openssl 1.0.2 support will end this year, I want to upgrade my openssl to 1.1.1 branch.

 

Right now my code uses curl library with libcurl4 and gnuTLS as SSL backend. Am using many curl options such as CURLOPT_SSL_VERIFYPEER , CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.

 

If I upgrade openssl to 1.1.1 then all these curl options will be working fine? Or should I upgrade curl and other things also?? If you have any document or release notes regarding this the please let me know.

 

Regards,

SWAMY J S

Reply | Threaded
Open this post in threaded view
|

Re: cURL with openSSL 1.1.1 version

Nicola
Ubuntu Cosmic 18.10 ships openssl 1.1.1:
https://packages.ubuntu.com/cosmic/openssl

So one option could be to update to 18.10, which is not a LTS release though.

I strongly recommend against trying to manually grab indivudal
packages for 18.10 and force them in your 18.04 installation, you will
only cause problems with any other package that depends on openssl.

BR,

Nicola

On Wed, 20 Mar 2019 at 13:40, Swamy J-S <[hidden email]> wrote:

>
> Ubuntu released any libssl development package already for openssl 1.1.1? I want to download package internally, I don’t want to download openssl and build it externally.
>
>
>
> Right now “sudo apt install libssl-dev” installs openssl1.1.0g version, like this any command to install openssl 1.1.1??
>
>
>
> Thanks and Regards,
>
> SWAMY J S
>
>
>
> From: Nicola <[hidden email]>
> Sent: Tuesday, March 19, 2019 2:22 PM
> To: Swamy J-S <[hidden email]>
> Cc: [hidden email]
> Subject: Re: cURL with openSSL 1.1.1 version
>
>
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
>
>
> Currently Ubuntu 18.04 ships with OpenSSL 1.1.0 (https://packages.ubuntu.com/bionic/openssl) and official Ubuntu packages depending on OpenSSL link against this version.
>
>
>
> 1.1.0 will be EOL in September, and after that the decision on which level of support to provide depends on the Ubuntu project and their development strategies.
>
>
>
> 1.1.1 was designed to minimize breaking changes coming from 1.1.0, so existing applications shouldn't require major changes for the existing functionality, but ultimately it will be Ubuntu decision if they are going to maintain their fork of 1.1.0 after upstream EOL or to upgrade to 1.1.1
>
>
>
> If you are compiling your own application disregarding the distribution maintainers decisions, you are free to compile and link against your own version of openssl and to the best of my knowledge recent versions of curl will not create any issue when compiling against 1.1.1
>
>
>
> If you have your own code using the OpenSSL API directly and have not updated since 1.0.2, some changes will most likely be required as since 1.1.0 most structs are opaque and you need to use accessors to get and set their members.
>
>
>
> Best regards,
>
>
>
> Nicola Tuveri
>
>
>
> On Tue, Mar 19, 2019, 09:56 Swamy J-S <[hidden email]> wrote:
>
> Hi,
>
>
>
> Currently am working with curl 7.58 and openssl 1.0.2 in ubuntu 18.04.
>
>
>
> As openssl 1.0.2 support will end this year, I want to upgrade my openssl to 1.1.1 branch.
>
>
>
> Right now my code uses curl library with libcurl4 and gnuTLS as SSL backend. Am using many curl options such as CURLOPT_SSL_VERIFYPEER , CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_CTX_FUNCTION, CURLOPT_SSL_CTX_DATA etc.
>
>
>
> If I upgrade openssl to 1.1.1 then all these curl options will be working fine? Or should I upgrade curl and other things also?? If you have any document or release notes regarding this the please let me know.
>
>
>
> Regards,
>
> SWAMY J S
Reply | Threaded
Open this post in threaded view
|

Re: cURL with openSSL 1.1.1 version

Richard Moore
In reply to this post by Swamy J-S


On Tue, 19 Mar 2019 at 07:56, Swamy J-S <[hidden email]> wrote:

Right now my code uses curl library with libcurl4 and gnuTLS as SSL backend. Am using many curl options such as CURLOPT_SSL_VERIFYPEER , 


If you use gnuTLS as your SSL backend then this is nothing to do with openssl at all.

Kind Regards

Rich