[openssl-dev] Seeking feedback on some #ifdef changes

Richard Moore richmoore44 at gmail.com
Fri Jan 23 21:39:38 UTC 2015 

The only one of all those that matters (to me) is OPENSSL_NO_SSL_INTERN
since that provides a way to anticipate the effects of this API change. I'm
fine with it going, but it needs a specified replacement (even if the
replacement is we'll do that by default). Currently for example Qt won't
build with OPENSSL_NO_SSL_INTERN defined since there are fields used for
NPN that we need (iirc).

Cheers

Rich.


On 23 January 2015 at 19:11, Salz, Rich <rsalz at akamai.com> wrote:

>  Looking at just OPENSSL_NO_xxx, we have over 100 openssl #ifdef options
> and we are considering removing nearly a third of them.  Please reply soon
> if the following plan would cause problems. This will happen only in
> master, for post-1.0.2.
>
>  We will remove the following options.  You could argue that the
> OPENSSL_NO_SHAxxx options be treated as crypto, but OpenSSL does not
> compile without SHA and SHA1 defined, and we have no interest in spending
> the time to fix it. So for consistency, we will remove all of them.
>
>         GENUINE_DSA (and the broken DSS0 since SHA0 will be removed)
>
>         OPENSSL_NO_BIO
>
>         OPENSSL_NO_BUFFER
>
>         OPENSSL_NO_BUF_FREELISTS
>
>         OPENSSL_NO_CHAIN_VERIFY
>
>         OPENSSL_NO_DESCBCM (also removing the code; no EVP support)
>
>         OPENSSL_NO_EVP
>
>         OPENSSL_NO_FIPS_ERR
>
>         OPENSSL_NO_HASH_COMP
>
>         OPENSSL_NO_LHASH
>
>         OPENSSL_NO_LOCKING
>
>         OPENSSL_NO_MULTIBYTE (also removing the code)
>
>         OPENSSL_NO_OBJECT
>
>         OPENSSL_NO_RFC3779
>
>         OPENSSL_NO_SHA
>
>         OPENSSL_NO_SHA0 (also removing the code for SHA0)
>
>         OPENSSL_NO_SHA1
>
>         OPENSSL_NO_SHA224
>
>         OPENSSL_NO_SHA256
>
>         OPENSSL_NO_SHA384
>
>         OPENSSL_NO_SHA512
>
>         OPENSSL_NO_SPEED
>
>         OPENSSL_NO_SSL_INTERN (first attempt at making things opaque)
>
>         OPENSSL_NO_STACK
>
>         OPENSSL_NO_STORE
>
>         OPENSSL_NO_TLS
>
>         OPENSSL_NO_TLS1
>
>         OPENSSL_NO_TLS1_2_CLIENT
>
>         OPENSSL_NO_TLSEXT
>
>         OPENSSL_NO_X509
>
>         OPENSSL_NO_X509_VERIFY
>
>
>
>
>
> --
>
> Principal Security Engineer, Akamai Technologies
>
> IM: rsalz at jabber.me Twitter: RichSalz
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150123/515fd4c5/attachment.html>

More information about the openssl-dev mailing list