[reSIProcate] OpenSSL 1.1.0 / non-backwards-compatible API changes
Dario Bozzali
Dario.Bozzali at ifmgroup.it
Fri Nov 18 06:19:24 CST 2016
Hello Daniel,
In my opinion is not a big issue if new reSIProcate release (1.10.3? 1.11?) won't be backward compatible with OpenSSL 1.0.x, because I think that the way is to use last OpenSSL release (1.1.x) and macros creation could be a huge amount of work (honestly I don't know). For example, if you want to use WSS with latest Chrome releases you need to have recent OpenSSL (I'm currently using 1.0.2i), and in the future such situations could be frequent.
We don't have many options. I was able to build reSIPprocate using LibreSSL 2.5 (a branch of OpenSSL 1.0.1g) quite easily, but I think that the best choice is still using OpenSSL.
I don't know if I have time in the near future, anyway I could try to have a look at OpenSSL 1.1. I will keep you informed.
Best regards,
Dario
-----Original Message-----
From: resiprocate-devel [mailto:resiprocate-devel-bounces at resiprocate.org] On Behalf Of Daniel Pocock
Sent: martedì 15 novembre 2016 16.43
To: resiprocate-devel at resiprocate.org
Subject: [reSIProcate] OpenSSL 1.1.0 / non-backwards-compatible API changes
OpenSSL 1.1.0 was recently released.
It appears that GNU/Linux distributions (Debian, Ubuntu, Fedora, ...) will only have 1.1.0 from early 2017. reSIProcate doesn't compile[1] with it.
The API is not backwards compatible, basically, they have made all the structs opaque and provided accessor methods to manipulate them.
a) that is the reason it doesn't compile currently with many applications
b) when reSIProcate is changed for OpenSSL 1.1.0, it may not compile with 1.0.x any more
There is a full guide[2] to porting from 1.0 to 1.1.0. It includes some suggestions about how to create macros for backwards compatibility.
Has anybody else had any thoughts about updating to the new OpenSSL? I may be able to make the necessary tweaks, but if I do then I probably won't create the macros for backwards compatibility
Regards,
Daniel
1. https://release.debian.org/transitions/html/auto-openssl.html
2. https://wiki.openssl.org/index.php/1.1_API_Changes
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel at resiprocate.org
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
More information about the resiprocate-devel
mailing list