[openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

Matt Caswell via RT rt at openssl.org
Wed Jun 29 08:12:00 UTC 2016



On 29/06/16 08:33, Tomas Mraz via RT wrote:
> On Út, 2016-06-28 at 22:10 +0000, Thomas Waldmann via RT wrote:
>> On 06/28/2016 11:18 PM, Kurt Roeckx via RT wrote:
>>>
>>> On Mon, Jun 27, 2016 at 08:50:43PM +0000, Thomas Waldmann via RT
>>> wrote:
>>>>
>>>> I didn't ask where to get the missing code from, I asked whether
>>>> you
>>>> maybe want to make life simpler for people by adding this to
>>>> 1.0.x
>>>> rather than having a thousand software developers copy and
>>>> pasting it
>>>> into their projects.
>>> I think this will not actually make life easier.  People using a
>>> 1.0.x version are not always using the latest 1.0.x version.
>> Aren't they?
>>
>> Don't they use 1.0.xLATEST rather soon, due to security fixes?

No, many do not. Most distros just cherry-pick the actual security fixes.


>>
>> And in case some dist maintainer chooses to rather backport, couldn't
>> they also backport the added function if it is documented as "openssl
>> 1.1.x migration support" or so?
>>
>> We aren't talking about incompatible changes, just adding 2 trivial
>> functions that were not there yet (but should have been there, when
>> looking at the rest of the API).

Well, it's 2 functions that you are interested in. There are actually
quite a lot of these types of things.

> You might get such kind of backport to something that still evolves
> such as (RHEL/CentOS 7) however you would not get it in older releases
> (RHEL/CentOS 5 and most probably RHEL/CentOS 6 either).
> 
> So you will still be facing the issue that there are environments where
> someone wants to build your code and these functions are not present.

Exactly!

I do think it would be a good idea to create a separate standalone
"openssl-compat" repo on github somewhere, i.e. to just provide the
missing functions and translate them into the 1.0.2 way of doing things.
I'd create such a thing myself, but I'm fully focussed on just getting
1.1.0 out the door!

Matt


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4589
Please log in as guest with password guest if prompted


