On Sun, Jun 01, 2014 at 08:32:55PM +0200, Dr. Stephen Henson wrote:

> > Repurposing bits in this way is problematic if that bit meant something else
> > in any OpenSSL-1.x.y release (notional ABI).  If the bit is from 0.9.x, and
> > was never used in 1.x.y, then it is OK.
> > 
> > I think it is actually a feature for older apps to not by default
> > enable some feature that they have no way to disable.
> > 
> 
> Well the previous purpose of the bit was *ancient* referring to SSLRef and
> SSLv2 only and probably has been there since SSLeay.

And yet, repurposing a bit is an ABI change.  Applications that
enable/disable

    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG

will now be inadvertently enabling/disabling SSL_OP_TLSEXT_PADDING.
Option bits can only be repurposed across ABI changes.  Please do not
do this in a micro or patch version update. 

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
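
The check argued for in this thread can be automated. The following is an added example, not part of the original message and not OpenSSL code: it compares the SSL_OP_* defines of two header versions and reports every bit that an already-compiled application could set under one name while the newer library reads it under another. The header excerpts are constructed, the bit values are assumed for illustration, and SSL_OP_EXAMPLE_UNCHANGED is a hypothetical macro.

```python
import re

# Constructed header excerpts. The two real macro names come from the thread;
# the bit values are assumed and SSL_OP_EXAMPLE_UNCHANGED is hypothetical.
OLD_HEADER = """
#define SSL_OP_EXAMPLE_UNCHANGED                0x00000001L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      0x00000010L
"""
NEW_HEADER = """
#define SSL_OP_EXAMPLE_UNCHANGED                0x00000001L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      0x0
#define SSL_OP_TLSEXT_PADDING                   0x00000010L
"""
DEFINE = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+(SSL_OP_\w+)[ \t]+(0[xX][0-9a-fA-F]+|\d+)", re.M)

def parse_options(header):
    """Map macro name -> integer mask for every literal SSL_OP_* define."""
    return {name: int(val, 16) if val[:2].lower() == "0x" else int(val)
            for name, val in DEFINE.findall(header)}

def owners_by_bit(options):
    """Map each single bit -> set of macro names whose mask includes it."""
    owners = {}
    for name, mask in options.items():
        bit = 1
        while bit <= mask:
            if mask & bit:
                owners.setdefault(bit, set()).add(name)
            bit <<= 1
    return owners

def repurposed_bits(old_header, new_header):
    """Return [(bit, old_names, new_names)] for bits whose meaning changed.

    Only bits that had an owner in old_header are considered: a binary built
    against the old header can only pass bits that header defined. A bit that
    was unused in the old header and is newly assigned is not reported.
    """
    old = owners_by_bit(parse_options(old_header))
    new = owners_by_bit(parse_options(new_header))
    findings = []
    for bit in sorted(old):
        gained = new.get(bit, set()) - old[bit]
        if gained:
            findings.append((bit, sorted(old[bit]), sorted(gained)))
    return findings
```

Run between the headers of two releases that are meant to be ABI-compatible, any non-empty result is a release blocker of the kind described above.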
