Re: OpenSSL 1.1 support status : what next?

I think that this is the better approach. The question I have is why the SSH logic should be dependent on the implementation details of ANY particular cryptographic library (be it openssl, libressl or whatever)? Proper software design would develop an abstraction layer with some measure of forward compatibility built in.

On 6/23/2017 3:16 PM, Douglas E Engert wrote:
OpenSC has taken a different approach to OpenSSL-1.1. Rather than writing
a shim for OpenSSL-1.1, the OpenSC code has been converted to
the OpenSSL-1.1 API and a "sc-ossl-compat.h" file consisting of defines and
macros was written to support older versions of OpenSSL and Libressl.

https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h

The nice part of this approach is when using OpenSSL-1.1 sc-ossl-compat.h
does not do anything. Its sole purpose is to provide calls to the older APIs
that are not going to change and eventually the sc-ossl-compat.h could be
removed.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
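
The compat-header pattern described in the quoted message, as an added C sketch that is not part of the original thread and is not OpenSC's or OpenSSH's code. The library is a constructed stand-in: every `toy_*` name and the `TOY_VERSION` macro are hypothetical, chosen so the example builds without OpenSSL installed.

```c
/* Constructed stand-in: toy_* names and TOY_VERSION are hypothetical, not
 * OpenSSL or OpenSC identifiers. -DTOY_VERSION=0x10100000L selects the
 * "new release" path. */
#include <stdio.h>
#include <stdlib.h>

#ifndef TOY_VERSION
#define TOY_VERSION 0x10002000L          /* default: the old release */
#endif

/* ---- stand-in for the crypto library ---- */
typedef struct toy_ctx { unsigned long state; } TOY_CTX;
static void toy_ctx_update(TOY_CTX *c, unsigned long v) { c->state = c->state * 31UL + v; }
#if TOY_VERSION < 0x10100000L
/* Old release: create/destroy names, callers read c->state directly. */
static TOY_CTX *toy_ctx_create(void) { return calloc(1, sizeof(TOY_CTX)); }
static void toy_ctx_destroy(TOY_CTX *c) { free(c); }
#else
/* New release: renamed constructor pair plus an accessor. */
static TOY_CTX *toy_ctx_new(void) { return calloc(1, sizeof(TOY_CTX)); }
static void toy_ctx_free(TOY_CTX *c) { free(c); }
static unsigned long toy_ctx_get_state(const TOY_CTX *c) { return c->state; }
#endif

/* ---- compat header: the only place that knows the old API ---- */
#if TOY_VERSION < 0x10100000L
#define toy_ctx_new  toy_ctx_create
#define toy_ctx_free toy_ctx_destroy
static inline unsigned long toy_ctx_get_state(const TOY_CTX *c) { return c->state; }
#endif /* against the new release this section compiles to nothing */

/* ---- application code: written once, against the new API only ---- */
unsigned long app_mix(unsigned long seed)
{
    TOY_CTX *c = toy_ctx_new();
    unsigned long out;
    if (c == NULL) return 0;
    toy_ctx_update(c, seed);
    toy_ctx_update(c, 7UL);
    out = toy_ctx_get_state(c);
    toy_ctx_free(c);
    return out;
}

int main(void)
{
    printf("mix=%lu\n", app_mix(1UL));
    return 0;
}
```

The application function never names the old constructor or touches the struct fields, so dropping support for the old release means deleting the compat section and nothing else.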


