Dependency openssl: curl download yields 404

[voidzero]

Trying to build the dependencies for v2.2.0.4, but getting the following:

Fetching openssl-1.0.1k.tar.gz from https://www.openssl.org/source
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (22) The requested URL returned error: 404 Not Found

The correct URL is https://www.openssl.org/source/old/1.0.1/openssl-1.0.1k.tar.gz.

[mjmacleod]

Just tried now on a dev machine.

cd depends
make openssl

Fetching openssl-1.0.1k.tar.gz from https://www.openssl.org/source
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 4330k  100 4330k    0     0  2839k      0  0:00:01  0:00:01 --:--:-- 3346k
/Development/freelance/GULDEN/core/Gulden-official-working/depends/work/download/openssl-1.0.1k/openssl-1.0.1k.tar.gz.temp: OK
Extracting openssl...

Placing https://www.openssl.org/source/openssl-1.0.1k.tar.gz direct in my browser also works, so it does seem to be a generally valid link - I'm not 100% sure why its not working for you?

I'm happy to alter the URL if the other one is more correct, however I would like to better understand why it doesn't work as is first.

[voidzero]

I don't know. Maybe it's geolocation mirror related?

% wget https://www.openssl.org/source/openssl-1.0.1k.tar.gz 
--2020-03-31 16:34:42--  https://www.openssl.org/source/openssl-1.0.1k.tar.gz
Resolving www.openssl.org... 95.100.129.63, 2a02:26f0:6b:28b::c1e, 2a02:26f0:6b:29a::c1e
Connecting to www.openssl.org|95.100.129.63|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2020-03-31 16:34:42 ERROR 404: Not Found.

% curl -I https://www.openssl.org/source/openssl-1.0.1k.tar.gz 
HTTP/1.1 404 Not Found
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 4182
Cache-Control: max-age=172733
Expires: Thu, 02 Apr 2020 14:33:43 GMT
Date: Tue, 31 Mar 2020 14:34:50 GMT
Connection: keep-alive

The link in my browser gives me a 404 too.

[mjmacleod]

Okay, I'll change it, thanks for the report

[voidzero]

Thanks.

Tangentially - as this caused me to take a peek at depends/packages/openssl.mk, and out of curiosity, I tried to set it to 1.0.2u. With a few slight adjustment this works - I had to remove certain -no-<algo> lines but after that, Gulden built and runs just fine. Any thoughts on this?

The thought process was that as old openssl versions are no longer supported upstream, why not try openssl 1.1.1. That one failed so I tried "the next best thing."

I'm not a developer though so I'm just curious.

[mjmacleod]

Upgrading openssl should work perfectly fine, all development is done on gentoo linux here, where I'm already on openssl-1.1.1d and there have never been any issues. So it should be 100% fine to do so, and I wouldn't expect issues.

The only reason it is not yet done officially, is that to do so officially I must test that it doesn't break anything for official builds on much older distributions, on windows and so on.

Also as we only mostly use the key generation capabilities of openssl and not the parts that have been patched extensively recently, the older version is not as terrible as it might appear on the surface.

That said it definitely should be switched to a newer openssl, and in the very near future (post phase 4 activation) this will definitely happen, in the meantime you are welcome to use any openssl you want.

[voidzero]

Thanks for that! I use Funtoo, which is a restructured Gentoo authored by drobbins. So I'll give this a try!