Re: OpenSSL 3.0 support for Debian11
On Wed, Jan 18, 2023 at 1:19 AM David <bouncingcats@gmail.com> wrote:
>
> On Wed, 18 Jan 2023 at 10:24, Ben Lavender <ben@benlavender.co.uk> wrote:
>
> > Stable releases don't always provide the latest software, generally that
> > isn't always respectively "stable".
> >
> > The latest seems to be available via the repositories Debian testing and
> > unstable of which you can still run on Debian 11 if you configure it so.
>
> Debian 11 is current Debian Stable release.
> There's a page on the Debian wiki titled
> "Advice For New Users On Not Breaking Their Debian System" [1]
>
> and the very first item of advice there is
> "If you're trying to install software that isn't available in the current Debian
> Stable release, it's not a good idea to add repositories for other
> Debian releases."
>
> So it might be a good idea for anyone considering adding additional software
> outside of what is officially packaged for a Debian Stable release to evaluate
> the information given on that page regarding different methods of doing so,
> and possible consequences.
I've seen manual OpenSSL upgrades break a few systems over the years.
OpenSSL is needed to check signatures on packages, so it's almost
impossible to bring a system back from a break. In this case, a break
usually includes overwriting Debian's copy of libcrypto.so and
libssl.so in /usr/lib.
If OpenSSL is installed locally at /usr/local, then things should be
Ok. I do it all the time. The rub is, be sure to set a RPATH or
RUNPATH so the proper dynamic libraries are found at runtime. Also see
https://wiki.openssl.org/index.php/Compilation_and_Installation#Using_RPATHs
.
Jeff
Reply to: