New OpenSSL Releases

Dennis Clarke dclarke at blastwave.org
Tue Sep 12 17:32:59 UTC 2023


On 9/12/23 12:34, Matt Caswell wrote:
> The OpenSSL project team would like to announce the upcoming release of 
> OpenSSL versions 3.1.3 and 3.0.11.
> 
> These releases will be made available on Tuesday 19th September 2023 
> between 1300-1700 UTC.
> 
> These are security-fix releases. The highest severity issue fixed in 
> each of these two releases is Low:
> 
> https://www.openssl.org/policies/secpolicy.html


     Can the OTC ( OpenSSL Technical Committee [1] ) please have a
meeting and then issue a clear statement regarding section 14 of
the Coding Style document :

         https://www.openssl.org/policies/technical/coding-style.html

         Chapter 14: Portability

         To maximise portability the version of C defined in
         ISO/IEC 9899:1990 should be used. This is more commonly
         referred to as C90. ISO/IEC 9899:1999 (also known as C99) is
         not supported on some platforms that OpenSSL is used on and
         therefore should be avoided.

     There I see the use of the word "should" as opposed to "must".

     The codebase has drifted and there are a very few places where an
honest attempt to comply with ISO/IEC 9899:1990 will fail. My intention
here is clarity of compliance statement such that portability is assured
in much the same way as the Curl/libCurl projects and a few others.

--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken

[1] https://www.openssl.org/community/otc.html






More information about the openssl-users mailing list