Re: [RFC] OpenSSL capability detection

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 26 Feb 2013 00:58:09 +1300

On 25/02/2013 11:06 p.m., Eliezer Croitoru wrote:
> On 02/24/2013 11:45 AM, Amos Jeffries wrote:
>> As you may be aware OpenSSL had some API changes which we dutifully
>> wrote #if-#else conditional code for using the mechanisms provided by
>> OpenSSL for the purpose.
>>
>> Then somebody in Fedora or RHEL decided to back-port the
>> functionality into their older OpenSSL version. This corrupted the
>> Fedora 17 release for a short while, just long enough to corrupt the
>> main RHEL 5.* and 6.* distributions, and it now seems to have spread
>> into the CentOS 6.* distributions as well.
>>
>> We are urgently needing somebody to write a ./configure-time test to
>> detect these old corrupted OpenSSL packages which present 1.0.0d API
>> functionality and AC_DEFINE a macro which can be added to the
>> #if-#else conditionals such that they are built using the 1.0.0d+ API
>> of OpenSSL.
>>
>> Any takers?
>>
>> Amos
>>
> and we do have a basic view of the versions of openssl if I remember
> right in some bugzilla reports.
> how *urgently* is it needed? weeks? idea?

Some weeks are fine.

We have been ignoring the issue for months already when it was just one
outdated Fedora and RHEL who are known for sticking doggedly with
obsolete software. But as CentOS has shown it is now spreading across
the whole RHEL-based tree of OS distributions into their 'new' releases.
So if we want 3.2+ usage to pick up in those OS we need it fixed soonish.

Yes. We know what versions of OpenSSL need testing and what to test for.
Just need to get the test coded up and trialled.

Amos
Received on Mon Feb 25 2013 - 11:58:19 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 25 2013 - 12:00:07 MST