On Jun 24 20:13, Matthias Andree wrote:
Corinna Vinschen wrote on 2010-06-24:
>I have no idea about this stuff. I'm maintaining openssl primarily
>since it's required for openssh. If there's anything which isn't
>fixed upstream, it won't be fixed for Cygwin. The Cygwin 1.0.0a-1
>package is from the vanilla sources. The 0.9.8 runtime libs will
>only be kept in place until all packages using it have been converted
to
>1.0.0. I have no incentive to keep old runtime libs indefinitely.
Then please hold your horses. Do it wrong and the upgrade breaks
OpenSSL on lots of installations.
And: if the upgrade isn't done properly, bug reports about this will
often be misfiled with the application programmers as regressions.
<http://www.fetchmail.info/fetchmail-FAQ.html#R14> and
<http://www.fetchmail.info/> bear testimonies of such misfilings :)
Here's the short scoop:
- OpenSSL 1.0.0 uses a different hash for /usr/ssl/certs than 0.9.8
did, so after the default ssl version is upgraded to 1.0.0, c_rehash
needs to be run on that directory.
Openssl does not come with any certificate and there's no certificate
package in Cygwin either. AFAICS it would be sufficient to move to
another ssl directory like, say, /usr/share/ssl instead of /usr/ssl.
The user can copy and rehash any certificates manually, or install
root certificates from scratch for 1.0.0.