[OmniOS-discuss] PHEW! OpenSSL 1.0.2g and 1.0.1s NOW OUT, albeit with SSLv2_* enabled

Bob Friesenhahn bfriesen at simple.dallas.tx.us
Wed Mar 2 00:08:11 UTC 2016


On Tue, 1 Mar 2016, Dan McDonald wrote:
>
> Bloody's fate remains up in the air. I'm contemplating removing 
> SSLv2 support from bloody, and when it ships, r151018.  This will 
> require, however, some godawful bootstrapping, akin to the gcc 
> version change I did for r151015/6.  Anyone who's a fan of bloody 
> should followup on this thread to tell me what you think.

If you remove SSLv2 APIs without bumping the major interface of the 
library, then you will curse all already-built user applications with 
the same fate which befell Python.  If you bump the major interface of 
the library, then the old library still needs to be available to 
support existing apps.

We are already on the latest OpenSSL release on the newest branch so 
until upstream makes a breaking release (e.g. the planned 1.1.0), then 
it is not so convenient for OmniOS to do so.  If you wait for 1.1.0, 
then it may be much easier.

Perhaps it is possible to tweak the library (or config file) so that 
SSLv2 won't acutally be used.

Bob
-- 
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/


More information about the OmniOS-discuss mailing list