On Tue, Feb 21, 2012, Kurt Roeckx wrote: > On Sat, Jan 14, 2012 at 08:11:30PM +0100, Andy Polyakov wrote: > > It's unfortunate and should have been taken care of at 1.0.0 release. I > > mean it should have been 1.0 or 10 or something. > > > > > I'd just like verification that this is intentional and we can expect > > > binaries built against the 1.0.0 shared libs to run fine using the > > > 1.0.1 shared libs. > > > > Incompatibilities will be treated as bugs, so I'd in fact encourage test > > with binaries compiled with 1.0.0. > > You might want to look at this report: > http://www.upstream-tracker.org/compat_reports/openssl/1.0.0g_to_1.0.1-beta2/abi_compat_report.html >
Interesting. Comments on the results: The adding of fields in the middle of structures will be addressed as I regard those as bugs. Changing size of structures such as SSL, SSL_CTX is not a problem as these are only ever created using library functions. The constification in EVP_PKEY_new_mac_key() was just fixing the fact that it wasn't declared const before. The EVP_MAX_KEY_LENGTH has increased but the only ciphers which need the extended key length are ones that have been added: therefore existing applications will never reference them. SSL_OP_PKCS1_CHECK_* were never used and cause connection failures if set. SL_R_MULTIPLE_SGC_RESTARTS is an error code which can be changed to match 1.0.0 for consistency. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org