[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL 1.1.0

On Sat, Jun 11, 2016 at 02:30:37PM +0200, Kurt Roeckx wrote:

> The release of OpenSSL 1.1.0 is getting nearer.  Some packages
> will no longer build with the new version without changes.  Most
> of those changes should be trivial, like you can't allocate some
> structures on the stack anymore and need to use the correct _new()
> and _free() function.
> It can also mean that you can't directly access some members of
> those structures anymore and need to use a function instead.

While I think these changes are very good, upgrading is not trivial.
Especially not if, as an upstream project, you want to stay compatible
with older versions of OpenSSL as well; at least with 1.0.1/1.0.2,
because many distributions use that in their stable releases.

> Guus Sliepen <guus@debian.org>
>    tinc

Luckily, with tinc I can get away with doing some autoconf checks to see
if BN_GENCB_new()/_free() and RSA_set0_key() exist, and if not provide
my own versions. And I'll have to check compatibility with LibreSSL as
well. It's just so you know that it's not as trivial as you make it

Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>

Attachment: signature.asc
Description: Digital signature

Reply to: