crypto stuff is broken with old versions of OpenSSL

Hal Murray hmurray at
Sun Feb 18 05:36:16 UTC 2018

> What version of openssl was failing to build?
> Is it a version that's still supported upstream by the OpenSSL project?

I don't know what is supported by OpenSSL, but it didn't build on several old 
but still supported distros.  I'll dig out the details I can easily get if 
you want.

The HISTORY section of a modern (1.1.0g) man page says:

       EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to
       EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.

The old code used the old names.  When I was working on that area, I was 
working from a modern man page so I used the modern names.  The old names are 
  /usr/include/openssl/evp.h:# define EVP_MD_CTX_create()     EVP_MD_CTX_new()
So (slightly) old code still builds on modern systems.

(That man page is buggy in that it doesn't mention the corresponding init=>
reset change.)

So rather than switch to the old names, I hacked in a couple of reverse 
aliases that make the new code work on (slightly) old systems.

I don't think it's worth changing waf.  I don't know how to determine the 
correct minimum version number.  It might be appropriate to add a link to 
this discussion.

attic/digest-find already prints out the version number.  I just added the 
version string.

These are my opinions.  I hate spam.

More information about the devel mailing list