[FFe] cl-plus-ssl does not support OpenSSL 3.0

This now also affects pgloader/jammy on apt.postgresql.org.

Thanks for making us aware Christoph that this was falling through the cracks.
Athos is trying to have a look today and summarize the current state here.

I'll then try to have a look at continuing that tomorrow and hopefully Simon (Mr. OpenSSL3) can help as well then.

TL;DR:
yes you could say they are in
 cl-plus-ssl | 20200609.gitff4634a-1build1 | jammy/universe | source, all
 pgloader | 3.6.3-1 | jammy/universe | source, amd64, arm64, armhf
But they are dysfunctional.

Hope:
- by now upstream might have new commits we want to add to cl-plus-ssl
- in the meantime many packages got fixed for openssl3, maybe there is something done in other PKGs that we can re-use here

It turned out that cl-plus-ssl upstream git has already OpenSSL 3 support, so all it took was to update it to 20220328.git8b91648. I've just uploaded that to Debian unstable.

the autopkgtest tests for the new cl-plus-ssl version in unstable is failing in jammy.

src/reload.lisp fails to load the proper *.so files. When adding entries for the openssl 3 libraries, one test still fails: test/fingerprint.lisp calls EVP_MD_size, which has been renamed to EVP_MD_get_size.

I am preparing a patch to fix these issues and then this should be fine to land in jammy. We will need a FFe since we are pulling in a significant amount of changes from cl-plus-ssl upstream. We can use this bug for the FFe.

I filed https://salsa.debian.org/common-lisp-team/cl-plus-ssl/-/merge_requests/2 to fix the failing tests. If there are no issues with the patch, I will also forward that upstream.

I uploaded your patch as -3 now. Thanks!

Thanks, Christoph :)

I also forwarded the patch upstream in https://github.com/cl-plus-ssl/cl-plus-ssl/pull/154

The cl-plus-ssl issue seems to be fixed.

for pgloader, we are now hitting https://github.com/dimitri/pgloader/issues/153: i.e., when trying to load the first option for the openssl libraries in cl-plus-ssl, the debugger gets invoked (and the tests fail).

We can proceed with the cl-plus-ssl FFe though since the next fix should be in pgloader itself.

Filed upstream issue for pgloader at https://github.com/dimitri/pgloader/issues/1370

FFe approved.

This bug was fixed in the package cl-plus-ssl - 20220328.git8b91648-3

---------------
cl-plus-ssl (20220328.git8b91648-3) unstable; urgency=medium

  * Team upload.
  * d/p/openssl3.patch: Improve support for OpenSSL 3.

 -- Athos Ribeiro <email address hidden> Fri, 01 Apr 2022 15:14:25 -0300

cl-plus-ssl (20220328.git8b91648-2) unstable; urgency=medium

  * Team upload.
  * Disable clisp autopkgtest on ppc64el, not reliable there.
    (Same change as in cl-asdf.)

 -- Christoph Berg <email address hidden> Fri, 01 Apr 2022 11:19:02 +0200

cl-plus-ssl (20220328.git8b91648-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 20220328.git8b91648 with OpenSSL 3 support.

 -- Christoph Berg <email address hidden> Thu, 31 Mar 2022 17:06:56 +0200

Unclear to me why this was set to fix committed if it was already landed. Also the described rationale is a bugfix, not a feature.

Thanks for setting the status there. The package wasn't landed at that point AFAICT, so I set it to fix committed to wait for the migration to happen.

There are unrelated patches with actual features that were pulled in, as described in https://launchpadlibrarian.net/595168316/cl-plus-ssl.changelog (e.g, 34f56a6 adds not-after and not-before functionality), that's why I filed the FFe.

This bug was fixed in the package pgloader - 3.6.3-1build1

---------------
pgloader (3.6.3-1build1) jammy; urgency=medium

  * No changes rebuild for cl-plus-ssl fixes (LP: #1960615).

 -- Athos Ribeiro <email address hidden> Mon, 11 Apr 2022 09:16:20 -0300

Filed LP: #1968594 to follow-up on the pgloader issue where it invokes the debugger when ldopen fails for the first shared object in cl+ssl list.