OpenSSL 1.1 support status : what next?

George M. Garner Jr. ggarner_online at gmgsystemsinc.com
Sat Jun 24 22:06:15 AEST 2017


I think that this is the better approach.  The question I have is why 
the SSH logic should be dependent on the implementation details of ANY 
particular cryptographic library (be it openssl, libressl or whatever)? 
Proper software design would develop an abstraction layer with some 
measure of forward compatibility built in.

On 6/23/2017 3:16 PM, Douglas E Engert wrote:
> OpenSC has taken a different approach to OpenSSL-1.1. Rather than writing
> a shim for OpenSSL-1.1, the OpenSC code has been converted to
> the OpenSSL-1.1 API and a "sc-ossl-compat.h" file consisting of defines and
> macros was written to support older versions of OpenSSL and Libressl.
> 
> https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h
> 
> The nice part of this approach is when using OpenSSL-1.1 sc-ossl-compat.h
> does not do anything. Its sole purpose is to provide calls to the older APIs
> that are not going to change and eventually the sc-ossl-compat.h could be
> removed.
> 

