Upgrade OpenSSL to 1.1.1

[fcharlie]

Good News OpenSSL 1.1.1 has been released, it supports TLS1.3 RFC 8446.
OpenSSl 1.1.1 is New LTS. OpenSSL 1.1.1 is API and ABI compliant with OpenSSL 1.1.0.

Support for various new cryptographic algorithms including:

• SHA3
• SHA512/224 and SHA512/256
• EdDSA (including Ed25519 and Ed448)
• X448 (adding to the existing X25519 support in 1.1.0)
• Multi-prime RSA
• SM2
• SM3
• SM4
• SipHash
• ARIA (including TLS support)

In fact, some ports cannot be upgraded to the latest version because the version of openssl of vcpkg is too low, such as libssh.

Our previous LTS release (OpenSSL 1.0.2) will continue to receive full support until the end of this year. After that it will receive security fixes only. It will stop receiving all support at the end of 2019. Users of that release are strongly advised to upgrade to OpenSSL 1.1.1.

It's time to upgrade OpenSSL.

See: https://www.openssl.org/blog/blog/2018/09/11/release111/

Here are the ports that depend on openssl:

ports	support OpenSSL 1.1.1
librabbitmq	✔
aws-sdk-cpp	✔
wt	✔
azure-c-shared-utility	✔
libimobiledevice
yara	✔
libwebsockets	✔
podofo	✔
thrift	✔
ffmpeg	✔
qpid-proton
folly	✔
libssh	✔ (0.8.* Only 1.1.*) (2019-07 move to mbedTLS)
paho-mqtt
websocketpp	✔
apr-util	✔
libarchive	✔
cppcms	✔
libmysql	✔
mongo-c-driver	✔
fastrtps	✔
freerdp	✔
qt5-base	✔ (5.13)
caf	✔
curl	✔
opusfile	✔
librtmp
libevent	✔
mosquitto	✔
uwebsoockets	✔
libgit2	✔
libpq	✔ (11.4 test OK, ubuntu 18.04 apt install openssl 1.1.1)
boost-asio	✔
cpprestsdk	✔
libtorrent
wangle	✔
grpc	✔
libssh2	✔

[fcharlie]

@ras0219-msft @alexkaratarakis

[madig]

I think this calls for splitting the openssl package into a 1.0.x and 1.1.x branch. The API changed considerably in 1.1.x and older applications must be updated...

[zhulika]

In case someone else is tripped up by this, I'd like to point out that this problem may also cause vcpkg's integration for Visual Studio to break other projects. It may not spring to mind when you first see the errors, because openssl tends to be installed implicitly as a dependency by vcpkg, but vcpkg's version of OpenSSL will take precedence during the link phase over any local copy of OpenSSL that is part of the project's distribution.

I have just spent some time tracing the cause of a bunch of duplicate-symbol linker errors when trying to build NodeJS and it turned out to have been the copy of OpenSSL 1.0.2 that is being inserted at the top of MSBUILD's stack by vcpkg's integration with Visual Studio.

[fcharlie]

@ras0219-msft @alexkaratarakis Only a handful of ports do not support OpenSSL 1.1.1

[alexkaratarakis]

Very nice! qt5 concerns me a bit; the others look more easily patchable.

[fcharlie]

@alexkaratarakis https://bugreports.qt.io/browse/QTBUG-67463

[anluoma]

Just asking that are we waiting for Qt bug to finish before this gets fixed? We are interested of updating to 1.1.1 as well. Or is my assumption wrong?

[jozefizso]

Is there OpenSSL 1.1 port available which can be used internally?

It looks like Qt will block this port for some time.

[Rastaban]

it looks like PR #4983 may be dependent on this.

[mjaafa]

Hi there I want to know if there is any chance that it supports EVP_sha256. Thanls cause I do need it in my integration #5529

It the other hand If there is any possibility to check if there is an option in the confiuration easy and fast to activate.

[fcharlie]

@mjaafar See:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1b/include/openssl/evp.h#L700-L718

[mjaafa]

The issue is related to configure the default options put sha256 in no option I hope in openssl 1.1.1 integration it will be activated @fcharlie