[Tracking Issue] Remaining OpenSSL 1.1 dependents

[RaitoBezarius]

Issue description

Now that it's clear that OpenSSL 1.1 is EOL to everyone (https://endoflife.date/openssl), we need to take care of the remnants of OpenSSL 1.1.

• home-assistant-chip-core @mweinelt [Feature] Update chip-build container for OpenSSL 3 project-chip/connectedhomeip#25688
• osquery @nlewo @RaitoBezarius a91ac78
• Ruby @ajs124
• Viber @SimonBrandner @prtzl
• AWS workspace @dylanmtaylor @mausch
• PHP legacy extension @RaitoBezarius
• PHP's relay package @ostrolucky phpExtensions.relay: 0.6.3 -> 0.6.8 #270128
• Lisp's cl-async-ssl @Uthar
• paddlepaddle @happysalada
• pcsc-safenet @charles-dyfis-net
• sgx-sdk @blitz sgx-sdk: 2.16 -> 2.21 #254845
• sublimetext4 @PedroHLC @jtojnar Upgrade OpenSSL sublimehq/sublime_text#5984
• runescaper launcher @GRBurst
• quickbms: no maintainer
• wraith @ajs124 @elitak
• kore @JohnMH kore: unpin openssl_1_1 #292644
• wkhtmltopdf-bin @kalbasit @nbr
• mrustc's bootstrap @progval @r-burns
• archiveopteryx @phunehehe archiveopteryx: remove #270449
• bip: no maintainer bip: 0.8.9 -> 0.9.3 #271248

If those dependencies are not migrated one month before 2 months before the next release process starts, I propose to remove them from nixpkgs.

[mweinelt]

For home-assistant-chip-core we are at the mercy of the upstream Matter SDK. Their build system is pinned to Ubuntu 20.04, which only carries OpenSSL 1.1, so the wheels get built against that.

Building that from source is not feasible, as the Git repo with all required submodules is 27 GiB in size, before it bootstraps and downloads even more things.

Issue reported earlier this year at project-chip/connectedhomeip#25688

[charles-dyfis-net]

The upstream documentation for pcsc-safenet claims that it's possible to make it work with newer OpenSSL releases. I haven't succeeded in doing so to date, but will take another shot at it.

[mausch]

This will be solved for aws-workspaces when we get this done: #251976

[eclairevoyant]

Besides bip being unmaintained in nixpkgs, it's also dead upstream, no commits in nearly 2 years, and the openssl situation was raised a while ago w no response https://projects.duckcorp.org/issues/780

And in nixpkgs it seems that we are just adding patch after patch just to keep it alive.

[blitz]

FYI I'm looking into upgrading the sgx-sdk.

[blitz]

From my perspective getting #254845 merged is the best option to remove its OpenSSL 1.1 dependency.

[nbr]

wkhtmltopdf-bin does not seem to depend on openssl_1_1 as far as I can tell (unless I am missing something?)

[kirillrdy]

wkhtmltopdf-bin does not seem to depend on openssl_1_1 as far as I can tell (unless I am missing something?)

libssl.so.1.1 wanted by /nix/store/qkkgc8yjxb6bz13i9mhxv8vfnn26srg8-wkhtmltopdf-bin-0.12.6-3/bin/wkhtmltopdf

EDIT: we should remove wkhtmltopdf soon anyways