[openssl-users] Porting to OpenSSL 1.1

Richard Moore rich at kde.org
Tue Oct 11 08:33:59 UTC 2016


Hi Bero,

Just based on the questions it sounds like you might be trying to port Qt.
I've already done this, and the branch is here:
https://github.com/richmoore/qtbase/commits/openssl11

It'll be added as a new backend once the configure changes that are
underway are completed. See
https://wiki.qt.io/Qt_Network_Workshop_2016#OpenSSL for a road map (or ask!)

Regards

Rich.


On 10 October 2016 at 23:56, Bernhard Rosenkraenzer <bero at lindev.ch> wrote:

> Hi,
> I'm porting some code to OpenSSL 1.1 -- for the most part, it's going
> well, but there's some things I'm not sure about:
>
> - What replaces a direct access to "sha1_hash" in an X509? (found in Qt
> 5.7)
>
> So far, haven't come up with a proper alternative to this. Should the code
> be refactored to use X509_issuer_and_serial_hash (which isn't quite the
> same, but should still give a unique hash)?
> [this is from qHash -- so the purpose really is to get a unique hash of
> the contents]
>
> - What's the best way to copy an EVP_PKEY?
>
> Also from Qt 5.7:
> rsa = RSA_new();
> memcpy(rsa, EVP_PKEY_get1_RSA(pkey), sizeof(RSA));
> [breaks because sizeof(RSA) is no longer known]
> for EC, there's EC_KEY_dup -- for RSA and DSA, not so much.
>
> - What's the proper successor to NETSCAPE_X509? (from kdelibs4support)
> I presume this (the method KSSLCertificate::toNetscape()) can just be
> deleted because nothing should be using Netscape x509 anymore?
>
>
> Outside of those, all problems I've run into so far were fairly easy to
> solve.
>
> ttyl
> bero
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161011/f9e237a1/attachment.html>


More information about the openssl-users mailing list