OpenSSH & OpenSSL 1.1

rapier rapier at psc.edu
Fri Jun 8 04:45:27 AEST 2018



On 6/7/18 1:08 PM, Jakub Jelen wrote:
> On Tue, 2018-06-05 at 14:16 -0400, rapier wrote:
>> Howdy all,
>>
>> I know that the OpenSSH team has made a clear and well justified
>> decision regarding interoperability with OpenSSL 1.1. I respect that
>> entirely. That said, I've recently had to deal with a couple of users
>> who had a specific set of requirements with building OpenSSH 7.7 using
>> patches for OpenSSL 1.1 found in the slackware package.
>> (http://slackblog.com/slackware/slackware64-current/source/n/openssh/)
>>
>> I found it annoying that this patch absolutely required OpenSSL 1.1 so I
>> modified it to provide a single patch that will compile under OpenSSL
>> 1.1 as well as earlier versions. Mostly it's just a whole lot of
>> #if/#else/#endifs to work with the different interfaces.
> 
> I did not read this patch nor your modifications, but why write a lot
> of ifdefs, when already the first patch submitted (and most of the others
> used) provided a backward compatibility layer for older OpenSSLs?

Because I didn't know about it. My interactions with the OpenSSH 
developer list are limited. I have the ssh variant I work on (hpn-ssh) 
and that's where I try to maintain my focus.

I was asked by someone in the community to look into OpenSSL 
compatibility for hpn-ssh based on the patch from slackware that I 
pointed to. That wouldn't compile with older versions of OpenSSL. This 
seemed silly so I made it so it could. Like I said, I only provided this 
because I thought someone might find it useful.


More information about the openssh-unix-dev mailing list