openssl: install version 3.3.2 and 1-1.1.1za

[thomas]

Meanwhile openssl ver-3 should be considered as mature, also more and more binary packages use libssl.so.3 and libcrypto.so.3 what causes trouble when we use foreign packages for package/pkg and the like.

The package is called openssl, not openssl3 - in the hope that future builds are more standards aware, and avoid the chaos that openssl v1 has produced. (BTW, there is also a libssl3.so in the system, it is from the nss package, so don't get confused)

Since there still might be packages around that need openssl-1.1, a pure compat-package might not be sufficient here. Therefore a recent openssl-1.1 package is build aside of openssl3. If the software in question uses pkg-config, setting

PKG_CONFIG_PATH=/usr/lib/openssl-1.1/pkgconfig

should do the job, otherwise CFLAGS, LDFLAGS, etc. need adjustments (-I/usr/include/openssl-1.1, -L/usr/lib/openssl-1.1). The old openssl command line program is called openssl-1.1

[thomas]

Why ist the version 1.1.1w called "1.1.1za" ?

Each of the 3 patches is increasing the version (w->x->y->za) of the result, 'openssl1-1.1.1za' can not be downloaded, but I also did not want to modyfy the patches. So I start with source 'w', but know that I'm going to build 'za'. So the BEE_VERSION is 'za'.

(or at least this is IMHO less confusing then having BEE_VERSION openssl1-1.1.1w, and then #> openssl-1.1 version is telling me that it is OpenSSL 1.1.1za 26 Jun 2024 ...)

[donald]

I see, thanks.

[thomas]

As for the tests I did, eventually look at /scratch/tmp/openssh_libcrypto* and /scratch/tmp/inkscape-1.4.beta3*, here I checked building against the old and new openssl versions. In the case of inkscape this was also related to #3171.