[exim-dev] OpenSSL revamp work (WIP, nowhere near ready)

Author: Phil Pennock
To: exim-dev
Subject: [exim-dev] OpenSSL revamp work (WIP, nowhere near ready)
Nowhere near complete yet, but:

git://git.exim.org/users/pdp/exim.git branch openssl_revamp

What's there so far is a WIP commit showing how I think things should
look from a parsing PoV and how the settings are validated and a
function to apply the settings to an SSL_CTX* or SSL*.

This has not been compiled. There are probably syntax bugs.
There are no new tests.
There are no documentation changes.
The new functionality is not used anywhere.

This does, however, show roughly how things will look, I think.
All of the above missing pieces will come, with time. Before I merge to

One change from my original proposal: we're using the usual Exim "key =
value" syntax, rather than just "key value".

I abstracted out a couple of names so that they could be stubbed in with
our own logic for backwards compatibility with LibreSSL but there's a
whole bunch of flags which are _not_ in our namespace, so I don't think
that's going to work so well. My initial focus is on working with
OpenSSL 1.0.2/1.1.0/1.1.1.