Hi Dirkjan, sorry for the delay.
On Sat, Sep 17, 2016 at 10:56:13PM +0200, Dirkjan Bussink wrote: > I've gone for a somewhat different approach in this patch with a > compatibility header file. It defines some inline functions from 1.1.0 when > they are not available. Right now it implements the minimal things that > HAProxy needs, so they aren't full replacements of what OpenSSL 1.1.0 would > provide. I definitely like this approach, and to be clear I want it merged before 1.7 release. > It's in a separate header file, was not sure if this was something that > should go in include/proto/ssl_sock.h then. Also brings up the question what > the minimum version of OpenSSL is that is supported? A lot of the functions > used are already available in 1.0.0 (which is already EOL), so not sure if > the compatibility code is needed for 0.9.8 then? Yes I'd rather have it work with 0.9.8 as it's still supported and used by some LTS distros. For example, RHEL5's regular support is due till March 2017 and extended support till november 2020. It's not very likely that such users will decide to upgrade to 1.7 now especially since some of the SSL-related features only work with newer versions. But if we can make it work as it used to with limited effort it's better. Is your current patch capable of supporting 0.9.8 ? > Is this more the approach you were thinking about? Yes definitely. Also your new patch is much more readable and will make it easier to drop older versions in the future, I like it. I'll ping Emeric again since we got no response (ie I'll yell in the office) :-) Thanks! Willy
