[Interest] Linux openssl 1.1.0 versus 1.0.X

[maitai]

Thanks Thiago for your reply

I knew the solution, I just don't accept it. I have to deliver binaries 
for windows from 10 to XP, old linuxes and new ones, Raspberry on arm, 
android on arm or X86, ios, and MacOS too.

Adding another build is just too much, especially if I have to recompile 
the whole qt again just for that case.

I will add a stupid test, and if https does not work let's go for http.

Thanks again, you are right I agree.
Philippe.




Le 15-09-2018 18:06, Thiago Macieira a écrit :
> On Saturday, 15 September 2018 03:51:29 PDT maitai wrote:
>> Hello,
>> 
>> Some of my users have started migrating to Ubuntu 18.04 and since it
>> comes with openssl 1.1.0 the app cannot connect anymore. As I 
>> understand
>> qt 5.11.1 prebuild binaries are built against openssl 1.0.X.
>> 
>> Is there a simple way to deploy my application with openssl 1.0.X
>> libraries so it will use that instead of the system library? I didn't
>> succeed so far so any hint is welcomed.
> 
> It's not recommended because OpenSSL is a security library. If you want 
> to
> ship it, you'll have to monitor the CVEs that are filed against it, 
> apply the
> patches as soon as they are released and issue and update of your 
> application
> every time a patch or OpenSSL releases. That will happen a dozen times 
> a year.
> 
> It's simpler to have two builds of your application, one with OpenSSL 
> 1.0 and
> one with 1.1, letting the user decide which one to download. Better 
> yet, make
> it a single download and let your installer decide which one to install 
> based
> on the system's libraries.