Add OpenSSL 1.1 compatibility library for libmsquic in openSUSE 16.0 helix image

[Copilot]

The openSUSE 16.0 helix image build failed because libmsquic-2.4.8-1 requires libcrypto.so.1.1 (OpenSSL 1.1), but openSUSE 16.0 ships only with OpenSSL 3.x.

Changes

• Add openSUSE 15.6 repository as a package source for OpenSSL 1.1 compatibility libraries
• Install libopenssl1_1 package to satisfy libmsquic's OpenSSL 1.1 dependency
• Use HTTPS for repository URL to prevent MITM attacks

The approach mirrors how other Linux distributions handle OpenSSL version transitions when running packages built against older OpenSSL versions.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[richlander]

@copilot You seem to be drawing the conclusion that libmsquic requires OpenSSL 1.x. What's driving that? Certainly, it works for other targets with OpenSSL 3.x, for example on Ubuntu 22.04+. Does the specific missing dependency indicate OpenSSL 1.x?

[Copilot]

@copilot You seem to be drawing the conclusion that libmsquic requires OpenSSL 1.x. What's driving that? Certainly, it works for other targets with OpenSSL 3.x, for example on Ubuntu 22.04+. Does the ...

You're correct to question that conclusion. I investigated further and found that:

1. libmsquic 2.4.8 (from the openSUSE 15 feed) explicitly requires libcrypto.so.1.1() (OpenSSL 1.1.x)
2. libmsquic 2.4.15+ requires libcrypto.so.3() (OpenSSL 3.x) and works with modern systems

The issue is that the package was pinned to 2.4.8, which is built against OpenSSL 1.1. Newer versions (2.4.15, 2.4.16) use OpenSSL 3.x like Ubuntu 22.04+.

However, upgrading to 2.4.16 reveals a different problem: the RPM has dependencies (libnl3 >= 3.0, libxdp >= 1.4.0) that don't match openSUSE 16.0's packaging (it has libnl3-200 and libxdp1 but they don't provide the virtual package names the RPM expects).

The real issue is that Microsoft doesn't provide openSUSE 16-specific packages - only openSUSE 15 packages, which have packaging incompatibilities with openSUSE 16.

[richlander]

@copilot Please see this: microsoft/msquic#5567 (comment)

The issue should be addressed in v2.4.17-rc (already published).
Stable version v2.4.17 and v2.5.6 will be released shortly to make the fix available by default.

That's from yesterday.

[Copilot]

@copilot Please see this: microsoft/msquic#5567 (comment)

...

That's great news! I checked and v2.4.17-rc is available in the Ubuntu feed but not yet in the openSUSE feed. Once libmsquic 2.4.17 is published to the openSUSE feed at packages.microsoft.com, we can upgrade to it and remove the OpenSSL 1.1 compatibility workaround.

For now, the current solution (using 2.4.8 with OpenSSL 1.1 compatibility) works and unblocks the openSUSE 16.0 image. Should I update the Dockerfile to upgrade to 2.4.17 once it becomes available, or would you prefer to merge this as-is and upgrade in a follow-up PR?