OpenSSH & OpenSSL 1.1

Jakub Jelen jjelen at redhat.com
Fri Jun 8 03:08:07 AEST 2018


On Tue, 2018-06-05 at 14:16 -0400, rapier wrote:
> Howdy all,
> 
> I know that the OpenSSH team has made a clear and well justified
> decision regarding interoperability with OpenSSL 1.1. I respect that
> entirely. That said, I've recently had to deal with a couple of users
> who had a specific set of requirements with building OpenSSH 7.7 using
> patches for OpenSSL 1.1 found in the slackware package.
> (http://slackblog.com/slackware/slackware64-current/source/n/openssh/)
> 
> I found it annoying that this patch absolutely required OpenSSL 1.1 so I
> modified it to provide a single patch that will compile under OpenSSL
> 1.1 as well as earlier versions. Mostly it's just a whole lot of
> #if/#else/#endifs to work with the different interfaces.

I did not read this patch nor your modifications, but why write a lot
of ifdefs when already the first patch submitted (and most of the others
used) provided a backward compatibility layer for older OpenSSL versions?

https://github.com/openssh/openssh-portable/pull/48/files#diff-f5f8e30c8b1505f344c9f3d027b18379

If it did not build for you, there was probably something wrong in that
patch (or the compat layer was missing, since it is not needed for the new
OpenSSL).

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

