Status of OpenSSL 1.1 support - Thoughts

Damien Miller djm at mindrot.org
Thu Oct 19 18:03:29 AEDT 2017


On Thu, 19 Oct 2017, Gert Doering wrote:

> Hi,
> 
> On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote:
> > You've got this exactly backwards. We don't want a shim that allows
> > OpenSSL-1.1 to present an OpenSSL-1.0 API. We want a shim that allows
> > us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have
> > to maintain a forest of #ifdefs.
> 
> For obvious reasons this shim cannot exist.  If the structure member is
> not visible anymore (and might not actually look the way you think it
> does), you cannot provide structure definitions that magically give you
> access to the members again.

You might want to read what I wrote again, because you've got it
backwards too:

"We want a shim that allows us to use the ***OpenSSL-1.1 API*** when
using OpenSSL-1.0"

The OpenSSL 1.1 API is the one with the opaque structures, so there's
no intrinsic problem implementing it for the 1.0 library, which doesn't.
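
[Added example, not part of the original message and not OpenSSL or OpenSSH code.] A self-contained C model of the direction described above: accessor functions in the 1.1 style, implemented on top of a library whose structure members are still visible. The names toy_bn, toy_rsa, TOY_LIB_VERSION and the toy_* functions are hypothetical stand-ins for BIGNUM, RSA, the library version macro and 1.1-style get0/set0 accessors.

```c
/* Added example: a self-contained model, not OpenSSL or OpenSSH code.
 * toy_bn / toy_rsa are hypothetical stand-ins for BIGNUM / RSA. */
#include <stdlib.h>
#define TOY_LIB_VERSION 0x10000000L   /* pretend we build against "1.0" */
typedef struct { unsigned long v; } toy_bn;

static toy_bn *toy_bn_new(unsigned long v) {
    toy_bn *b = malloc(sizeof(*b));
    if (b != NULL) b->v = v;
    return b;
}

#if TOY_LIB_VERSION < 0x10100000L
/* "1.0" style: the structure layout is public, so the shim can see it. */
typedef struct { toy_bn *n, *e, *d; } toy_rsa;

/* Shim: 1.1-style setter. Takes ownership of non-NULL arguments;
 * n and e are mandatory on first use, d is optional. Returns 1 or 0. */
static int toy_rsa_set0_key(toy_rsa *r, toy_bn *n, toy_bn *e, toy_bn *d) {
    if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
        return 0;
    if (n != NULL) { free(r->n); r->n = n; }
    if (e != NULL) { free(r->e); r->e = e; }
    if (d != NULL) { free(r->d); r->d = d; }
    return 1;
}

/* Shim: 1.1-style getter. The returned pointers stay owned by the key. */
static void toy_rsa_get0_key(const toy_rsa *r, const toy_bn **n,
                             const toy_bn **e, const toy_bn **d) {
    if (n != NULL) *n = r->n;
    if (e != NULL) *e = r->e;
    if (d != NULL) *d = r->d;
}
#endif /* on "1.1" the library would supply both functions itself */

/* Application code: written once against the accessor API, with no
 * #ifdefs and no member access. Returns the exponent, or 0 on error. */
static unsigned long app_public_exponent(toy_rsa *key) {
    const toy_bn *e = NULL;
    if (!toy_rsa_set0_key(key, toy_bn_new(3233), toy_bn_new(17), NULL))
        return 0;
    toy_rsa_get0_key(key, NULL, &e, NULL);
    return e->v;
}

int main(void) {
    toy_rsa key = {NULL, NULL, NULL};
    return app_public_exponent(&key) == 17 ? 0 : 1;
}
```

Only the block inside the version guard touches structure members; everything outside it would compile unchanged against a library that hides them.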



More information about the openssh-unix-dev mailing list