[sle-beta] Beta3 post install software installation
jrd at netlab1.net
Thu Nov 30 04:53:32 MST 2017
Thorsten and the group,
That is about right, both the need to install parallel SSL's for
development and have the CA certs be installed.
Hopefully this will turn out to be a simple dependency matter to
On 30/11/2017 11:50, Thorsten Kukuk wrote:
> On Thu, Nov 30, Joe Doupnik wrote:
>> Thorsten and the group,
>> Fair enough. What I am trying to do in this particular case is use
>> Openssl v1.1 to support building an application, and see if existing apps
>> could use it. The answer to the latter is typically no, of course, as they
>> are built against v1.0.2, which is a situation similar to using the Security
>> Channel of previous versions of SLES to supply a few key apps built with
>> another version of SSL. Building my own code needs SSL v1.1 for checking
>> matters, and that means both the library and the headers (-devel bundle).
>> Where matters become sticky is adding the -devel material, where YaST
>> decides that we must remove all of the earlier SSL material (thus the
>> earlier library as well). I think that is a step too far in the dependency
>> resolution problem, where there is conflict only about the -devel part. This
>> seems to be readily curable by a script tweak or two.
> Yes, it is currently not possible to install openssl v1.1 and v1.0 in
> parallel, but this is what you need here. I hope our security team will
> find a solution for this.
>> Next there are the certificates. Right now this seems to be a muddle. I
>> have two Beta 3 machines set up, one with the choice of SSL v1.1 and the
>> second with the stock SSL v1.0.x. The first has experienced the discussed
>> problems, and the second does work reasonably well. The certificate blockage
>> does seem to be a dependency criteria which I have not decoded.
>> Here is a screen capture of one case: on the SSL v1.1 (first) machine.
>> In YaST ask to install the ca-certificates RPM material, and the conflict
>> resolution screen shown below appears:
> That's a similar problem: YaST/zypper always tries to install the newest
> version. You have to select the openssl-1.0 package manually.
> But the question is: why is ca-certificates not installed? Should always
> be installed.
More information about the sle-beta