Status of OpenSSL 1.1 support - Thoughts

Gert Doering gert at
Thu Oct 19 17:50:13 AEDT 2017


On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote:
> You've got this exactly backwards. We don't want a shim that allows
> OpenSSL-1.1 to present a OpenSSL-1.0 API. We want a shim that allows
> us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have
> to maintain a forest of #ifdefs.

For obvious reasons this shim cannot exist.  If the structure member is
not visible anymore (and might not actually look the way you think it
does), you cannot provide structure definitons that magically give you
access to the members again.

Also, you do not need to maintain a forest of #ifdef - as soon as you
switch the code to only use accessor functions, the only #ifdef you
have is "one for the whole shim" or possibly "one per compat accessor
function" - nicely encapsulated away from the code using the accessor.


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at
fax: +49-89-35655025                        gert at

More information about the openssh-unix-dev mailing list