diff options
Diffstat (limited to 'pkgs/development/libraries/openssl/default.nix')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 3aeafccb1edb2..a8e178c7e6d37 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -234,6 +234,13 @@ let }); in { + # intended version "policy": + # - 1.1 as long as some package exists, which does not build without it + # - latest 3.x LTS + # - latest 3.x non-LTS as preview/for development + # + # - other versions in between only when reasonable need is stated for some package + # - backport every security critical fix release e.g. 3.0.y -> 3.0.y+1 but no new version, e.g. 3.1 -> 3.2 # If you do upgrade here, please update in pkgs/top-level/release.nix # the permitted insecure version to ensure it gets cached for our users @@ -279,9 +286,9 @@ in { }; }; - openssl_3_1 = common { - version = "3.1.4"; - hash = "sha256-hAr1Nmq5tSK95SWCa+PvD7Cvgcap69hMqmAP6hcx7uM="; + openssl_3_2 = common { + version = "3.2.0"; + hash = "sha256-FMgm8Hx+QzcG+1xp+p4l2rlWhIRLTJYqLPG/GD60aQ4="; patches = [ ./3.0/nix-ssl-cert-file.patch @@ -291,8 +298,8 @@ in { ./3.0/openssl-disable-kernel-detection.patch (if stdenv.hostPlatform.isDarwin - then ./use-etc-ssl-certs-darwin.patch - else ./use-etc-ssl-certs.patch) + then ./3.2/use-etc-ssl-certs-darwin.patch + else ./3.2/use-etc-ssl-certs.patch) ]; withDocs = true; |