Salut Emmanuel,

this is merely a minor side-note, but anyway...

Emmanuel Deloget wrote on Mon, Oct 16, 2017 at 06:56:44PM +0200:

> Let's restate these in numbered bullet points:
>
> (a) somebody sufficiently qualified maintains a compat library
> (b) LibreSSL gains 1.1-compatible interfaces
> (c) OpenSSH switches over

So far, that's an accurate representation of what i tried to describe
as a possible complete solution.

> I'm not sure point (b) is necessary.

I am quite convinced that it is. The high quality of the OpenSSH
codebase is in part due to the fact that it is an integral part of
the OpenBSD base system and that the compatibility additions in the
portable version are kept minimal.

> The goal of the shim is to
> emulate the OpenSSL 1.1 interface by encapsulating OpenSSL 1.0 /
> LibreSSL code, so no change is needed in the upstream library (that
> would make the change really impossible IMHO). So the problem goes
> down to 2 points: (a) and (c).

No, that is not sufficient, because that would require including
the compat library into the OpenBSD base system. I cannot imagine
how that could possibly ever happen, no matter how excellent the
quality of the hypothetical compat library would be.

For the possible full solution that i tried to describe, all three
steps are required, and both (a) and (b) must come before (c).

Of course, it might happen that the LibreSSL and OpenSSH developers
eventually come up with completely different solutions that i'm not
yet aware of, but the above is my understanding of the situation
at this point.

Yours,
  Ingo
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev