[openssl-dev] [openssl-users] OPenssl and dependencies such as openssh

Viktor Dukhovni openssl-users at dukhovni.org
Mon Jan 4 19:22:04 UTC 2016


On Mon, Jan 04, 2016 at 09:08:31AM -0700, The Doctor wrote:

>                 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
>                     SSLeay_version(SSLEAY_VERSION))) <0)
> 
> Could there be anything that is causing openssh not to see the new openssl 1.1 

The above. The SSLeay names are gone.  The new way is:

	     if ((rc = fprintf(fd ,"%08x (%s)\n", OpenSSL_version_num(),
		 OpenSSL_version(OPENSSL_VERSION))) <0)

I think it is likely prudent at this time to restore source-
backwards-compatible behaviour, by adding to <openssl/crypto.h>:

    #if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
    # include <openssl/opensslv.h>
    # define SSLeay                  OpenSSL_version_num
    # define SSLeay_version          OpenSSL_version
    # define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
    # define SSLEAY_VERSION          OPENSSL_VERSION
    # define SSLEAY_CFLAGS           OPENSSL_CFLAGS
    # define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
    # define SSLEAY_PLATFORM         OPENSSL_PLATFORM
    # define SSLEAY_DIR              OPENSSL_DIR
    #endif /* OPENSSL_API_COMPAT */

Users who want to make sure they are avoiding interfaces that are
deprecated with 1.1.0 can set OPENSSL_API_COMPAT to 0x10100000L or
higher as appropriate.

-- 
	Viktor.


More information about the openssl-dev mailing list