[openssl-dev] 1.1 release being delayed

Matt Caswell matt at openssl.org
Fri Jun 24 22:27:05 UTC 2016



On 24/06/16 22:28, Jouni Malinen wrote:
> On Mon, May 23, 2016 at 01:15:45PM +0000, Salz, Rich wrote:
>> ... in case you haven't noticed :)  Our announced release date for 1.1 has come and gone.
>>
>> We want to close many more bugs before we release it.  In the meantime, please test against master or a daily snapshot or the last beta release.
> 
> It has now been a month since this announcement and there do not seem
> to be any updates to the release strategy (*) which is still claiming
> the "current plan" to be to release 1.1.0 12th May 2016. While it is
> obviously fine to push out the release to get more fixes in, it would be
> nice to get some more details on the updated release plan and especially
> on whether there is going to be another beta release ("beta 3?") before
> the public release.

The current thinking is Thursday 7th July, although that is not set in
stone as it depends on what happens between now and then. We don't
currently have any plans for a beta 3, although again that could change.

> 
> I'd like to make sure I run my tests against a snapshot that is close to
> the release to check for any late regressions. However, I don't want to
> be doing this on a daily basis until some unknown point in time. Would it
> be possible to either make the beta 3 release before the actual 1.1.0
> public release or alternatively, provide some kind of early warning
> a couple of weeks before the public release so that it would be easier to
> check for last minute regressions?
> 
> And as far as regressions after beta 2 release are concerned, it looks
> like there was a change in the API that is not backwards compatible. I
> was hoping this would not happen after the "Beta 2 - Opaque work
> complete". Did I misunderstand what that note means?
> 
> The non-compatible change (this actually broke wpa_supplicant build..)
> is this one:
> 
> commit fd809cfdbd6e32b6b67b68c59f6d55fbed7a9327
>     Constify the parameter getters for RSA, DSA and DH
> 
> -void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key)
> +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
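
Review bot: the `pub_key` and `priv_key` parameters on the `+` line change from `BIGNUM **` to `const BIGNUM **`, and that breaks source compatibility for existing callers that pass the address of a plain `BIGNUM *`. C has no implicit conversion from `BIGNUM **` to `const BIGNUM **`, so those call sites now get an incompatible-pointer-type diagnostic, which stops the build under -Werror. If the constification stays, the change log and the function's documentation should say that the receiving variables must be declared `const BIGNUM *` and that the returned values must not be modified or freed through them. Since the commit title also covers the RSA and DSA getters, the same note applies to each of them.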
> 
> 
> Is there a clear point in time after which the OpenSSL 1.1.0 API is
> expected to be fully frozen for the release (well, other than the final
> public release showing up)?
> 

We are not planning any more opaque work before release, and are trying
to avoid API breaks at this late stage - but we can't fully rule it out
either.

Matt



> 
> (*) https://www.openssl.org/policies/releasestrat.html
>  
> 

