OpenSSL 1.1.0+ support?
What is the plan with OpenSSL 1.1.0+ support? I am asking, since per this announcement 1, the OpenSSL 1.1.0 landed today in Fedora Rawhide and Ruby CI immediately failed 2, 3. I see that there is some upstream work on OpenSSL support 4, but I am wondering how this will be handled for stable Ruby releases?
Updated by rhenium (Kazuki Yamaguchi) about 3 years ago
The upstream of ext/openssl (and the current Ruby trunk) supports OpenSSL 1.1.0 (#12324), but at the same time it dropped support for OpenSSL < 0.9.8. Since adding support for OpenSSL 1.1.0 was a non-trivial work due to the low compatibility, it will be a hard work to backport
Personally I think not backporting is not a problem, because the compatibility issue is not only for Ruby and thus I imagine most distributions will provide a compat package for OpenSSL 1.0.x for a while.
Updated by vo.x (Vit Ondruch) about 3 years ago
Let me quote one paragraph:
We do not want to keep 1.0.2 devel around as that could make it to look like the 1.0.2 is still fully "supported" in Fedora and there would be no incentive to switch to 1.1.0.
That basically means whatever is in Fedora already by now, should be installable, but you won't be able to build any package which is not compatible with OpenSSL 1.1.0. That means that only Ruby 2.4+ would be buildable on Fedora 26. That should be OK from Fedora distribution POV, since we try to make sure that the packages in distribution are compatible with Ruby version we ship, but I expect our users would like to install also older versions of Ruby.
Of course there are voices 1 that the -devel package should also be available for compat version of OpenSSL, but this is probably open question yet ...
Updated by vo.x (Vit Ondruch) almost 3 years ago
Ok, so now we have openssl-1.1.0b-3.fc26 as well as compat-openssl10-1.0.2j-5.fc26 (including -devel subpackage) on Fedora Rawhide, so it should be possible to build older Ruby, but unfortunately, some other libraries fail, since they loads both versions of OpenSSL into memory. For example rubygem Typhoeus fails to pass its test suite (see 1 or build.log from 2 if the first link does not work anymore). Is there any chance to make openssl.so to load correctly versioned libssl.so?