Call for testing: OpenSSH 7.2

Damien Miller djm at mindrot.org
Tue Feb 16 11:06:42 AEDT 2016


On Mon, 15 Feb 2016, The Doctor wrote:

> Just tested this on the old BSD/OS machine
>
> works with openssl 1.0.2X
>
> Openssl 1.1.X issues

Thanks for testing.

OpenSSH won't work with OpenSSL until someone ports it and writes
compat shims to make it work with both OpenSSL 1.0.x and 1.1.x. The
1.1.x series breaks source compatibility by making a heap of structures
opaque, including EVP_PKEY, which is causing your compile problems in
sshkey.c.

Porting is a fair bit of work, since at least some of the newly-opaque
structs have not previously had accessor functions available, so
I have no intention of starting the effort until 1.1.x is at least in
beta (no point in wasting time on a moving target). It would help if
OpenSSL published more detailed migration information than is currently
present in https://www.openssl.org/news/openssl-1.1.0-notes.html -
including a full list of things that have been made opaque and some
links to the accessor functions for things that were previously only
reachable directly.

-d



