Status of OpenSSL 1.1 support

Colin Watson cjwatson at debian.org
Mon Oct 16 20:29:40 AEDT 2017


On Mon, Oct 16, 2017 at 09:35:52AM +0200, Gert Doering wrote:
> On Sun, Oct 15, 2017 at 10:51:46PM +0100, Colin Watson wrote:
> > Is it actually a requirement that an API compatibility layer be
> > maintained by the OpenSSL team, or could a hypothetical group of
> > external developers interested in breaking this stalemate fork
> > openssl-compat.tar.gz, stick it in a git repository somewhere, and start
> > making versioned releases and trying to address the other problems you
> > describe?  Of course that's only really a worthwhile exercise if OpenSSH
> > would be willing to use it, and it would be good to limit the scope of
> > the problem to "things needed by the handful of projects that really
> > need this" rather than "the entire OpenSSL 1.0 API".
> 
> The catch here is: the shim does not provide "the OpenSSL 1.0 API" - it
> provides the OpenSSL *1.1* API to projects being compiled against 1.0.

Right, I realise that but I put it badly.  What I meant to say was
something like "1.1 equivalents for the API provided by 1.0".  Anyway,
this is probably moot given Ingo's reply.

-- 
Colin Watson                                       [cjwatson at debian.org]


More information about the openssh-unix-dev mailing list