OpenSSH & OpenSSL 1.1
rapier
rapier at psc.edu
Fri Jun 8 04:45:27 AEST 2018
On 6/7/18 1:08 PM, Jakub Jelen wrote:
> On Tue, 2018-06-05 at 14:16 -0400, rapier wrote:
>> Howdy all,
>>
>> I know that the OpenSSH team has made a clear and well justified
>> decision regarding interoperability with OpenSSL 1.1. I respect that
>> entirely. That said, I've recently had to deal with a couple of
>> users
>> who had a specific set of requirements with building OpenSSH 7.7
>> using
>> patches for OpenSSL 1.1 found in the slackware package.
>> (http://slackblog.com/slackware/slackware64-current/source/n/openssh/
>> )
>>
>> I found it annoying that this patch absolutely required OpenSSL 1.1
>> so I
>> modified it to provide a single patch that will compile under
>> OpenSSL
>> 1.1 as well as earlier versions. Mostly it's just a whole lot of
>> #if/#else/#endifs to work with the different interfaces.
>
> I did not read this patch nor your modifications, but why to write lot
> of ifdefs, when already the first patch submitted (and most of others
> used) provided a backward compatibility layer for older OpenSSL's?
Because I didn't know about it. My interactions with the OpenSSH
developer list are limited. I have the ssh variant I work on (hpn-ssh)
and that's where I try to maintain my focus.
I was asked by someone in the community to look into OpenSSL
compatibility for hpn-ssh based on the patch from slackware that I
pointed to. That wouldn't compile with older versions of OpenSSL. This
seemed silly so I made it so it could. Like I said, I only provided this
because I thought someone might find it useful.
More information about the openssh-unix-dev
mailing list