[openssl-users] [openssl-dev] The evolution of the 'master' branch

Matt Caswell matt at openssl.org
Sun Feb 8 00:19:39 UTC 2015

On 07/02/15 14:41, Richard Moore wrote:
> On 3 February 2015 at 22:02, Rich Salz <rsalz at openssl.org
> <mailto:rsalz at openssl.org>> wrote:
>     As we've already said, we are moving to making most OpenSSL data
>     structures opaque. We deliberately used a non-specific term. :)
>     As of Matt's commit of the other day, this is starting to happen
>     now.  We know this will inconvenience people as some applications
>     no longer build.  We want to work with maintainers to help them
>     migrate, as we head down this path.
>     We have a wiki page to discuss this effort.  It will eventually include
>     tips on migration, application and code updates, and anything else the
>     community finds useful.  Please visit:
>             http://wiki.openssl.org/index.php/1.1_API_Changes
> I've documented what got broken in Qt by the changes so far. I've listed
> the functions I think we can use instead where they exist, and those
> where there does not appear to be a replacement.

On the wiki you say this:

"cipher->valid - we were directly accessing the valid field of
SSL_CIPHER. No replacement found."

I'm just trying to work out why you need this? As far as I can tell from
the code the only time valid isn't true is for cipher aliases ("ALL",
"COMPLEMENTOFALL" etc)...but I thought these were only used as an
SSL_CIPHER internally. E.g. if you call SSL_get_ciphers() then you only
get valid ciphers I think??

What scenario do you have where you are seeing ciphers that aren't valid?


More information about the openssl-users mailing list