Status of OpenSSL 1.1 support - Thoughts
Damien Miller
djm at mindrot.org
Thu Oct 19 18:03:29 AEDT 2017
On Thu, 19 Oct 2017, Gert Doering wrote:
> Hi,
>
> On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote:
> > You've got this exactly backwards. We don't want a shim that allows
> > OpenSSL-1.1 to present a OpenSSL-1.0 API. We want a shim that allows
> > us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have
> > to maintain a forest of #ifdefs.
>
> For obvious reasons this shim cannot exist. If the structure member is
> not visible anymore (and might not actually look the way you think it
> does), you cannot provide structure definitons that magically give you
> access to the members again.
You might want to read what I wrote again, because you've got it
backwards too:
"We want a shim that allows us to use the ***OpenSSL-1.1 API*** when
using OpenSSL-1.0"
The OpenSSL 1.1 API is the one with the opaque structures, so there's
no intrinsic problem implementing it for the 1.0 library, which doesn't.
More information about the openssh-unix-dev
mailing list