Hacker News new | past | comments | ask | show | jobs | submit login

Time to upgrade to LibreSSL. It works just fine and I haven't ran into any compatibility issues lately. The libraries might even work side by side because of the ".50" version number although I wouldn't recommend it.

When your distro is still on 1.1.1\w, now may be the right time to make the switch.




My main annoyance with libressl is the absence of SSL_CERT_DIR and SSL_CERT_FILE. They are often handy for example for testing.


Well then you could use a sandbox (e.g. bubblewrap) to mount whatever on /etc/ssl. Or you could recompile libressl with a different --sysconfdir and LD_PRELOAD it.


Sure, I could. But it is more complex. And my (probably wrong) opinion is that at the point where you can inject environment variables, the game is pretty much over anyway (you can probably make more harm with LD_PRELOAD compared to SSL_CERT_FILE). So I am not convinced about the value this limitation brings in.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: