Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] [matt@openssl.org: Re: [openssl-users] openssl 1.0.2 and TLS 1.3]
On Tue, Sep 11, 2018 at 03:37:12PM +0100, Jeremy Harris via Exim-users wrote:

> One wonders if there exists a succinct definition of what the difference
> in the API is. The FAQ section on the openssl.org site doesn't have
> one.
The CHANGES file describes the changes between 1.0.2 and 1.1.0. The
main change is that many structures became opaque, and one now needs
to use accessors. A handful of functions got renamed. For
Postfix, all that needed to be done to make the code work with both
OpenSSL 1.0.x, and OpenSSL 1.1.x was a few macros in a header file:

    /* Backwards compatibility with OpenSSL < 1.1.0 */
    #if OPENSSL_VERSION_NUMBER < 0x10100000L
    #define OpenSSL_version_num SSLeay
    #define OpenSSL_version SSLeay_version
    #define OPENSSL_VERSION SSLEAY_VERSION
    #define X509_up_ref(x) \
        CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
    #define EVP_PKEY_up_ref(k) \
        CRYPTO_add(&((k)->references), 1, CRYPTO_LOCK_EVP_PKEY)
    #define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
    #define X509_STORE_CTX_get0_untrusted(ctx) ((ctx)->untrusted)
    #define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain
    #define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack
    #define ASN1_STRING_get0_data ASN1_STRING_data
    #define X509_getm_notBefore X509_get_notBefore
    #define X509_getm_notAfter X509_get_notAfter
    #define TLS_method SSLv23_method
    #define TLS_client_method SSLv23_client_method
    #define TLS_server_method SSLv23_server_method
    #endif
which then get used instead of bare structure member access or the
obsolete function names. Exim will likely need fewer of these,
since the "danessl" code is already ported to 1.1.0.

> They may well find that applications just refuse to change.
Debian Stretch ships with 1.1.0; applications are moving along.

-- 
    Viktor.