[Development] Removal/deprecation of OpenSSL 1 in Qt
Giuseppe D'Angelo
giuseppe.dangelo at kdab.com
Thu Dec 7 11:33:33 CET 2023
Hello,
On 07/12/2023 09:50, Ville Voutilainen wrote:
> Well, this is straightforward in the sense that QNX doesn't support
> openssl3 yet.
> Dropping OpenSSL1 support is dropping support for TLS on QNX, and we don't
> want to do that.
Sure, this is the premise of my mail, revert the change.
What about the rest?
* For how long is QNX going to support OpenSSL 1? Is OpenSSL 3 support
on the radar? Is there an online resource showing their commitment at
maintaining it? Is there the possibility of just building+shipping
OpenSSL 3 outside of what it's provided by the base OS?
* For how long are *we* going to support QNX and OpenSSL 1 on there?
* What about other platforms?
* Can we put this "contract" in the docs?
> I don't quite follow why the revert "must" include making OpenSSL1
> entirely an opt-in.
> That doesn't change anything in how we build our release packages, at
> the end of the day.
> Innocent users should just build with an OpenSSL3-enabled system.
Innocent users may have their own build scripts that pull OpenSSL 1 and
build Qt against that, without realizing that they're playing with fire.
We should never expose users to insecure defaults, hence the opt-in
flag, and a build error if you ask for autodetection and only OpenSSL 1
is found.
Thank you,
--
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - Trusted Software Excellence
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4244 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.qt-project.org/pipermail/development/attachments/20231207/eebb024f/attachment.bin>
More information about the Development
mailing list