Re: openssl 1.1.0

Author Ivan Zhakov <ivan at visualsvn dot com>
Date 2016-09-05 12:34:48 PDT
Message On 5 September 2016 at 21:51, Stefan Küng <tortoisesvn at gmail dot com> wrote:
> On 05.09.2016 20:45, Ivan Zhakov wrote:
>> On 1 September 2016 at 20:55, Stefan Küng <tortoisesvn at gmail dot com> wrote:
>>> Hi,
>>> Since OpenSSL 1.1.0 is out now, I've got it ready to build with TSVN.
>>> But OpenSSL 1.1.0 is a big change since 1.0.2, so I had to make some
>>> changes to make it build: the ntml-sasl plugin needed some code patches,
>>> and we already have patched the e_capi.c file in openssl for our needs
>>> which needed some more changes as well. Actually, that one required to
>>> include some now internal structs from openssl - those were not internal
>>> in 1.0.2 but we still need those even though they're now private in 1.1.0.
>>> So, I've got the patch ready to get OpenSSL 1.1.0 included in TSVN.
>>> Question is: should I commit that change? Or do we want to stay on the
>>> 1.0.x line of OpenSSL?
>> Hi Stefan!
>> Is there anything useful/important for TortoiseSVN in OpenSSL 1.1.0?
> Well, not really important.
> But I usually like to update to the latest version of all linked libs in
> a project. Otherwise if you wait too long, it will be much harder to
> upgrade those later once you skipped a few versions. And you *will* have
> to upgrade one day because older versions tend to not get security
> updates anymore.
> So, that's actually my only reason: keeping up with the latest version.
Please note that OpenSSL 1.0.2 is an LTS release: it will be supported
until 2019-12-31, while OpenSSL 1.1.0 is a normal release and will
be supported until 2018-04-30 [1].

>> I think RAND_poll() optimization could be useful for TortoiseSVN. TSVN
>> already has a patch for this, but OpenSSL 1.1.0 RAND_poll()
>> implementation is better. Another interesting new feature is support
>> for ChaCha20 encryption cipher. But I don't remember anything else.
> Any new ciphers are good: our users might need them if they connect to
> latest systems.
> If you don't have any objections, I'll commit my changes soon.
> But we will keep them on trunk and have the stable branch keep using
> OpenSSL 1.0.2.
I don't have any objections against switching TortoiseSVN trunk to OpenSSL 1.1.0.

Btw, did you consider using a vendor/upstream branch to maintain the e_capi
patches for OpenSSL? I mean import OpenSSL 1.1.0 to something like
/upstream/openssl, then copy it to /trunk/ext/openssl. Apply patches.
When OpenSSL 1.1.0a is released we just need to update
/upstream/openssl and then merge changes from /upstream/openssl to

[1] https://www.openssl.org/policies/releasestrat.html

Ivan Zhakov
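
The vendor-branch workflow suggested in the message above, as an added example that is not part of the original post or of TortoiseSVN's repository. It runs against a throwaway local repository with a constructed stand-in for e_capi.c, and it assumes the merge target (cut off in the archived message) is the patched copy at /trunk/ext/openssl; the svn and svnadmin command-line tools must be installed.

```shell
#!/bin/sh
# Vendor-branch workflow for a locally patched library, run in a throwaway repo.
# File contents are constructed stand-ins, not real OpenSSL source.
vendor_branch_demo() (
    set -e
    work=$(mktemp -d)
    cd "$work"
    svnadmin create repo
    url="file://$work/repo"
    svn="svn -q --non-interactive"

    # 1. Import the pristine upstream release into /upstream/openssl.
    mkdir -p drop/engines
    for i in 1 2 3 4 5 6 7 8 9; do echo "upstream line $i"; done > drop/engines/e_capi.c
    $svn import -m "Import OpenSSL 1.1.0" drop "$url/upstream/openssl"

    # 2. Copy it to /trunk/ext/openssl so the copy shares history with upstream.
    $svn copy --parents -m "Copy vendor drop to trunk" \
        "$url/upstream/openssl" "$url/trunk/ext/openssl"

    # 3. Apply the local patch on the trunk copy only.
    $svn checkout "$url/trunk/ext/openssl" trunk
    sed '1s/.*/local e_capi patch/' trunk/engines/e_capi.c > patched
    mv patched trunk/engines/e_capi.c
    $svn commit -m "Apply local e_capi patch" trunk

    # 4. A new upstream release lands: update /upstream/openssl in place.
    $svn checkout "$url/upstream/openssl" upstream
    sed '9s/.*/upstream fix in 1.1.0a/' upstream/engines/e_capi.c > fixed
    mv fixed upstream/engines/e_capi.c
    $svn commit -m "Update vendor drop to OpenSSL 1.1.0a" upstream

    # 5. Merge upstream changes into the patched copy (assumed merge target).
    $svn update trunk
    $svn merge "$url/upstream/openssl" trunk
    $svn commit -m "Merge OpenSSL 1.1.0a into patched copy" trunk

    # The result carries both the local patch and the upstream fix.
    cat trunk/engines/e_capi.c
    cd / && rm -rf "$work"
)

vendor_branch_demo
```

Because /upstream/openssl only ever holds unmodified releases, the difference between it and /trunk/ext/openssl is exactly the set of local patches, which keeps them reviewable each time an upstream security fix is merged.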
