I am currently running 6.0.7 on Windows, which came with openssl 3.0.3.0. My IT is requesting I uninstall openssl 3.0.3.0 or update to openssl 3.0.7 due to a recently patched security vulnerability. I’d rather not break the software, so I was hoping someone here could help answer a few questions:
Is KiCad 6.0.7 (or a newer version) compatible with openssl 3.0.7? i.e. if I uninstall 3.0.3 and install 3.0.7 will KiCad still work?
If not, could I get away with uninstalling openssl and still be able to run basic features of KiCad?
I can’t speak for Windows, but on Linux libraries like openssl generally maintain ABI compatibility within major versions, so a bugfix release like from .0.3 to .0.7 is unlikely to break applications.
I would imagine it would be fine to upgrade openssl as I’m guessing KiCad only uses this to connect to external web sites (via plugins).
Upgrade it and see what happens. Worst case, something breaks and you can always reinstall. Maybe at the same time install 6.0.9. They may have updated openssl since then. (I’m on Linux so can’t check)
@marekr kicad on windows uses system ssl libs, right? At least I looked at dll dependencies and couldn’t find anything using libssl or libcrypto, even libcurl uses crypt32.dll and not openssl. Or am I missing something?
Maybe we are still packaging openssl libs with kicad just by inertia and it doesn’t really need them.
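An added example, not part of the thread and not KiCad's own tooling: one way to inventory the OpenSSL libraries bundled under an install directory and read the version text embedded in each. It assumes libcrypto carries an `OpenSSL x.y.z` banner and, following the IT request above, treats any 3.0.x below 3.0.7 as needing the update; the sample files are constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: libcrypto embeds a banner such as b"OpenSSL 3.0.3 3 May 2022".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)")
FIXED = (3, 0, 7)  # the version the poster's IT department asked for


def embedded_version(path):
    """Return (major, minor, patch) from the first banner in the file, or None."""
    m = BANNER.search(Path(path).read_bytes())
    return tuple(int(g) for g in m.groups()) if m else None


def scan(root):
    """List (relative path, version, status) for libssl*/libcrypto* files under root."""
    root, found = Path(root), []
    for p in sorted(root.rglob("*")):
        if not (p.is_file() and p.name.lower().startswith(("libssl", "libcrypto"))):
            continue
        v = embedded_version(p)
        if v is None:
            status = "no-banner"      # file carries no recognisable version text
        elif (3, 0, 0) <= v < FIXED:
            status = "needs-update"   # assumption: any 3.0.x below 3.0.7 is in scope
        else:
            status = "not-flagged"
        found.append((p.relative_to(root).as_posix(), v, status))
    return found


def demo():
    """Run scan() over a constructed directory tree (not a real KiCad install)."""
    with tempfile.TemporaryDirectory() as d:
        files = {
            "bin/libcrypto-3-x64.dll": b"\x00MZ..OpenSSL 3.0.3 3 May 2022\x00",
            "bin/libssl-3-x64.dll": b"\x00MZ..no version text here\x00",
            "bin/other.dll": b"OpenSSL 3.0.3 3 May 2022",  # ignored: name does not match
            "plugins/libcrypto-3.dll": b"\x00OpenSSL 3.0.7 1 Nov 2022\x00",
        }
        for rel, data in files.items():
            target = Path(d, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan(d)


if __name__ == "__main__":
    # Pass the install directory as the first argument; with none, run the demo.
    for row in (scan(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(*row)
```

A file reported here is only present on disk; whether anything loads it is a separate question, answered by the kind of DLL dependency check described in the post above.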