Switch from OpenSSL to LibreSSL in Dockerfile
Many of the recent releases of Webdis have been to address major
vulnerabilities in OpenSSL. I'm hoping that LibreSSL will have fewer
CVEs, given its proactive approach and focus on security and code
clarity. The switch is easy given that the two libraries are
largely compatible with each other, meaning this will require no code
change in Webdis or its Hiredis dependency.
nicolasff committed Aug 22, 2023
1 parent 8a0c442 commit b134106
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions Dockerfile
@@ -1,7 +1,7 @@
FROM alpine:3.18.3 AS stage
LABEL maintainer="Nicolas Favre-Felix <n.favrefelix@gmail.com>"

RUN apk update && apk add wget make gcc libevent-dev msgpack-c-dev musl-dev openssl-dev bsd-compat-headers jq
RUN apk update && apk add wget make gcc libevent-dev msgpack-c-dev musl-dev libressl-dev bsd-compat-headers jq
RUN wget -q https://api.github.com/repos/nicolasff/webdis/tags -O /dev/stdout | jq '.[] | .name' | head -1 | sed 's/"//g' > latest
RUN wget https://github.com/nicolasff/webdis/archive/$(cat latest).tar.gz -O webdis-latest.tar.gz
RUN tar -xvzf webdis-latest.tar.gz
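Review bot: the build stage still compiles unpinned, unverified inputs. The changed `apk add` line installs `libressl-dev` with no version constraint, and the `wget` lines right after it fetch whichever tag the GitHub API lists first and unpack the tarball without checking a digest. Since the goal of the commit is a smaller vulnerability surface, consider pinning the tag and comparing the archive against a known SHA-256 before `tar -xvzf`, so the TLS library swap is not undercut by an unauthenticated source download.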
Expand All @@ -11,9 +11,7 @@ RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.jso
# main image
FROM alpine:3.18.3
# Required dependencies, with versions fixing known security vulnerabilities
RUN apk update && apk add libevent msgpack-c openssl \
'redis>=6.2.10' 'libssl3>=3.0.10-r0' 'libcrypto3>=3.0.10-r0' \
'libssl1.1' 'libcrypto1.1>=1.1.1u-r1' && \
RUN apk update && apk add libevent msgpack-c libressl 'redis>=7.0.10' && \
rm -f /var/cache/apk/* /usr/bin/redis-benchmark /usr/bin/redis-cli
COPY --from=stage /usr/local/bin/webdis /usr/local/bin/webdis-ssl /usr/local/bin/
COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json
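Review bot: the replacement `apk add` line drops every minimum-version constraint on the TLS library (`'libssl3>=3.0.10-r0'`, `'libcrypto3>=3.0.10-r0'`, `'libcrypto1.1>=1.1.1u-r1'`) and installs `libressl` with none, while the comment above it still says "with versions fixing known security vulnerabilities". Either add a version floor for `libressl` or reword the comment so it only covers `redis`. The same line also raises the floor from `'redis>=6.2.10'` to `'redis>=7.0.10'`, which the commit message does not mention and would be clearer as its own change or an added sentence. It is also worth listing the installed packages in the final image (for example with `apk info`) to confirm that none of the remaining packages pulls OpenSSL's libraries back in as a dependency.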