How old a version of OpenSSL do we support?
Hal Murray
halmurray at sonic.net
Tue Jun 11 18:47:12 UTC 2024
We have code like this in several places:
#ifndef EVP_MD_CTX_new
#define EVP_MD_CTX_new() EVP_MD_CTX_create()
#endif
The man page for EVP_MD_CTX_new() says:
The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were
renamed
to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL
1.1.0,
respectively.
OpenSSL says as part of their recent new-version announcement:
We will be also releasing extended support OpenSSL version
1.1.1y which will be available to premium support customers.
So it looks like 1.1.0 isn't supported at all, much less older versions.
But if you aren't using NTS, we just need the crypto routines. So is
anybody running our code without NTS on really really really old versions
of OpenSSL? How would we find out?
I plan to drop all the ifdefs, fixup all the code to use EVP_MD_CTX_new()
and EVP_MD_CTX_free(). Any objections? Anybody know of places running
really really old versions of OpenSSL and running up-to-date versions of
NTPsec?
--
These are my opinions. I hate spam.
More information about the devel
mailing list