Re: Status of OpenSSL 1.1 support

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, 13 Oct 2017, Sebastian Andrzej Siewior wrote:

> Hi,
> 
> more or less a year ago Kurt Roeckx provided an initial port towards the
> OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has
> been complained about a missing compat layer of the new vs the old API
> within the OpenSSL library [2].
> This is how I reconstructed the situation as of today and I am not
> aware of any progress in regard to the newer library within the OpenSSH
> project. Did I miss any significant development?
> 
> In the `meantime', OpenSSL provides a kind of compat layer [3] which
> (they suggested) should be included in the downstream projects [4].

The compatibility layer is unversioned, incomplete, barely documented
and seems to be unmaintained. Because it isn't a library, they require
it to be added to downstream projects directly. This isn't even close
to a solution.

In the absence of any progress, I'm considering adding some build sugar
to simplify the process of building (and possibly fetching) LibreSSL as
port of the OpenSSH build process. AFAIK Apple's OpenSSH distribution is
already linked against LibreSSL (and of course, OpenBSD does too), so
IMO it's had enough road-testing for general use.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux