Re: Status of OpenSSL 1.1 support

Salut Emmanuel,

this is merely a minor side-note, but anyway...

Emmanuel Deloget wrote on Mon, Oct 16, 2017 at 06:56:44PM +0200:

> Let's restate these in numbered bullet points:
> 
> (a) somebody sufficiently qualified maintains a compat library
> (b) LibreSSL gains 1.1-compatible interfaces
> (c) OpenSSH switches over

So far, that's an accurate representation of what i tried to
describe as a possible complete solution.

> I'm not sure point (b) is necessary.

I am quite convinced that it is.

The high quality of the OpenSSH codebase is in part due to the
fact that it is an integral part of the OpenBSD base system and
that the compatibility additions in the portable version are kept
minimal.

> The goal of the shim is to
> emulate the OpenSSL 1.1 interface by encapsulating OpenSSL 1.0 /
> LibreSSL code, so no change is needed in the upstream library (that
> would make the change really impossible IMHO). So the problem goes
> down to 2 points: (a) and (c).

No, that is not sufficient, because that would require including the
compat library into the OpenBSD base system.  I cannot imagine how
that could possibly ever happen, no matter how excellent the quality
of the hypothetical compat library would be.

For the possible full solution that i tried to describe, all three
steps are required, and both (a) and (b) must come before (c).


Of course, it might happen that the LibreSSL and OpenSSH developers
eventually come up with completely different solutions that i'm not
yet aware of, but the above is my understanding of the situation at
this point.

Yours,
  Ingo
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


