OpenSSL 1.1.0 support
Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
root at doctor.nl2k.ab.ca
Tue Nov 15 04:31:25 AEDT 2016
On Mon, Nov 14, 2016 at 04:36:28PM +0100, Jakub Jelen wrote:
> On 11/02/2016 11:33 PM, Damien Miller wrote:
> > On Wed, 2 Nov 2016, Stuart Henderson wrote:
> >> On 2016-11-02, Jakub Jelen <jjelen at redhat.com> wrote:
> >>> The current set of patches, rebased on current upstream, is attached
> >>> with a few more tweaks needed to build, pass testsuite and make it work.
> >>> The upstream review and insight would be helpful.
> >> Since these are going to break things with LibreSSL, I doubt they'll be
> >> acceptable as-is.
> > This is the nub of the problem: upstream (OpenBSD) OpenSSH targets
> > LibreSSL natively (it's also used by Apple for their OS X builds). If we
> > pick up the 1.1.0 patch, we'd probably have to do it in portable because
> > there's little point in patching OpenBSD for API that doesn't exist
> > there. I don't want to have to carry such a major divergence in just the
> > portable tree.
> Thank you for the comments. I understand the upstream directions and
> that the OpenSSL step is not ideal. The distros will probably have to
> carry these patches until the changes will settle down a bit.
> Other possible solution we were discussing here was implementation of
> non-OpenSSL specific abstract layer for crypto operations, which would
> allow implementation of crypto-library specific bits in separate file
> (unlike current situation with calls all over the place) and would
> possibly allow different crypto library providers, similar way how the
> audit is handled at this moment. It would also abstract the code from
> the changes in one or the other crypto library interface. Would
> something like this be acceptable for OpenSSH upstream?
All SSL developers have to take into account
2) OpenSSL 1.0.X and below
3) OpenSSL 1.1+
So stop living in the past and march towards the future.
> Kind regards,
> Jakub Jelen
> Software Engineer
> Security Technologies
> Red Hat
For effective Internet Etiquette and communications read