diff options
Diffstat (limited to 'pkgs/development/libraries/openssl/default.nix')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index c0b4fe75b610e..0e144726cf85f 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -237,6 +237,8 @@ let in { # intended version "policy": # - 1.1 as long as some package exists, which does not build without it + # (tracking issue: https://github.com/NixOS/nixpkgs/issues/269713) + # try to remove in 24.05 for the first time, if possible then # - latest 3.x LTS # - latest 3.x non-LTS as preview/for development # @@ -245,7 +247,7 @@ in { # If you do upgrade here, please update in pkgs/top-level/release.nix # the permitted insecure version to ensure it gets cached for our users - # and backport this to stable release (23.05). + # and backport this to stable release (at time of writing this 23.11). openssl_1_1 = common { version = "1.1.1w"; hash = "sha256-zzCYlQy02FOtlcCEHx+cbT3BAtzPys1SHZOSUgi3asg="; @@ -259,7 +261,7 @@ in { withDocs = true; extraMeta = { knownVulnerabilities = [ - "OpenSSL 1.1 is reaching its end of life on 2023/09/11 and cannot be supported through the NixOS 23.05 release cycle. https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/" + "OpenSSL 1.1 is reaching its end of life on 2023/09/11 and cannot be supported through the NixOS 23.11 release cycle. https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/" ]; }; }; @@ -309,4 +311,27 @@ in { license = licenses.asl20; }; }; + + openssl_3_3 = common { + version = "3.3.0"; + hash = "sha256-U+ZrBDMipgar8Ah+dpmg4DOjf6E/65dC3zXDozsY+wI="; + + patches = [ + ./3.0/nix-ssl-cert-file.patch + + # openssl will only compile in KTLS if the current kernel supports it. + # This patch disables build-time detection. + ./3.0/openssl-disable-kernel-detection.patch + + (if stdenv.hostPlatform.isDarwin + then ./3.2/use-etc-ssl-certs-darwin.patch + else ./3.2/use-etc-ssl-certs.patch) + ]; + + withDocs = true; + + extraMeta = with lib; { + license = licenses.asl20; + }; + }; } |