How old a version of OpenSSL do we support?

Hal Murray halmurray at sonic.net
Tue Jun 11 18:47:12 UTC 2024


We have code like this in several places:
  #ifndef EVP_MD_CTX_new
  #define EVP_MD_CTX_new() EVP_MD_CTX_create()
  #endif

The man page for EVP_MD_CTX_new() says:
       The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were 
renamed
       to   EVP_MD_CTX_new()   and   EVP_MD_CTX_free()   in   OpenSSL   
1.1.0,
       respectively.

OpenSSL says as part of their recent new-version announcement:
  We will be also releasing extended support OpenSSL version
  1.1.1y which will be available to premium support customers.

So it looks like 1.1.0 isn't supported at all, much less older versions.  
But if you aren't using NTS, we just need the crypto routines.  So is 
anybody running our code without NTS on really really really old versions 
of OpenSSL?   How would we find out?

I plan to drop all the ifdefs, fixup all the code to use EVP_MD_CTX_new() 
and EVP_MD_CTX_free().  Any objections?  Anybody know of places running 
really really old versions of OpenSSL and running up-to-date versions of 
NTPsec?


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list