< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] OpenSSL 1.1.0 / non-backwards-compatible API changes


Hello Daniel,
In my opinion is not a big issue if new reSIProcate release (1.10.3? 1.11?) 
won't be backward compatible with OpenSSL 1.0.x, because I think that the way 
is to use last OpenSSL release (1.1.x) and macros creation could be a huge 
amount of work (honestly I don't know). For example, if you want to use WSS 
with latest Chrome releases you need to have recent OpenSSL (I'm currently 
using 1.0.2i), and in the future such situations could be frequent.
We don't have many options. I was able to build reSIPprocate using LibreSSL 2.5 
(a branch of OpenSSL 1.0.1g) quite easily, but I think that the best choice is 
still using OpenSSL.
I don't know if I have time in the near future, anyway I could try to have a 
look at OpenSSL 1.1. I will keep you informed.
Best regards,
Dario

-----Original Message-----
From: resiprocate-devel [mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxx] On 
Behalf Of Daniel Pocock
Sent: martedì 15 novembre 2016 16.43
To: resiprocate-devel@xxxxxxxxxxxxxxx
Subject: [reSIProcate] OpenSSL 1.1.0 / non-backwards-compatible API changes


OpenSSL 1.1.0 was recently released.

It appears that GNU/Linux distributions (Debian, Ubuntu, Fedora, ...) will only 
have 1.1.0 from early 2017.  reSIProcate doesn't compile[1] with it.

The API is not backwards compatible, basically, they have made all the structs 
opaque and provided accessor methods to manipulate them.

a) that is the reason it doesn't compile currently with many applications

b) when reSIProcate is changed for OpenSSL 1.1.0, it may not compile with 1.0.x 
any more

There is a full guide[2] to porting from 1.0 to 1.1.0.  It includes some 
suggestions about how to create macros for backwards compatibility.

Has anybody else had any thoughts about updating to the new OpenSSL?  I may be 
able to make the necessary tweaks, but if I do then I probably won't create the 
macros for backwards compatibility

Regards,

Daniel


1. https://release.debian.org/transitions/html/auto-openssl.html

2. https://wiki.openssl.org/index.php/1.1_API_Changes




_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel