Re: Openssl 1.0.0
On Tue, Mar 08, 2011 at 11:11:15PM +0100, Jakub Wilk wrote:
> * Kurt Roeckx <firstname.lastname@example.org>, 2011-02-13, 00:27:
> >I would like to upload version 1.0.0(d) to unstable soon. It
> >changes soname, but as far as I know the API is still compatible
> >with the old one, and you should be able to rebuild everything
> >against the new version.
> Support for SSLv2 has been disabled in openssl 1.0.0c-2. We have a
> few dozens of packages in the archive that are not prepared for
> this: when rebuilt, they will either FTBFS or, worse, produce shared
> libraries with missing symbols.
We really should stop using SSLv2. It was either making the
functions related to ssl 2 do nothing, and potentionally silently
breaking the applications, or just removing the related function
from the API and trying to make sure they fail on build and
hopefully catch most of the problems like that.
I think I'll also change some of the header files so that no v2
related things are defined or declared, since the define for it
doesn't seem to be used correctly everywhere.