Re: [openssl-users] OpenSSL Release Strategy and Blog

2016-09-09 Thread Jeffrey Walton
On Fri, Sep 9, 2016 at 8:26 AM, Pfluegl, Andreas wrote: > We started using OpenSSL in 2010 for Windows and Linux. We gladly followed > the release strategy suggestion, as it allowed us to deliver patches without > recompiling our code. So we still compile and link our code

Re: [openssl-users] OpenSSL Release Strategy and Blog

2016-09-09 Thread Pfluegl, Andreas
We started using OpenSSL in 2010 for Windows and Linux. We gladly followed the release strategy suggestion, as it allowed us to deliver patches without recompiling our code. So we still compile and link our code against 1.0.0 while delivering the current 1.0.2x versions (which by the way works

Re: [openssl-users] OpenSSL Release Strategy and Blog

2015-01-07 Thread Jakob Bohm
On 28/12/2014 12:26, Kurt Roeckx wrote: On Sun, Dec 28, 2014 at 01:31:38AM +0100, Jakob Bohm wrote: 3. The 1.0.x binary compatibility promise seems to not have been completely kept. As recently as just this December, As a practical example: I had an OS upgrade partially fail due to the

Re: [openssl-users] OpenSSL Release Strategy and Blog

2015-01-07 Thread Jakob Bohm
On 29/12/2014 01:37, Matt Caswell wrote: On 28/12/14 00:31, Jakob Bohm wrote: On 24-12-2014 00:49, Matt Caswell wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement contained a link to the recently published OpenSSL Release

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-28 Thread Kurt Roeckx
On Sun, Dec 28, 2014 at 01:31:38AM +0100, Jakob Bohm wrote: 3. The 1.0.x binary compatibility promise seems to not have been completely kept. As recently as just this December, As a practical example: I had an OS upgrade partially fail due to the presence of a self-compiled up to date

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-28 Thread Matt Caswell
On 28/12/14 00:31, Jakob Bohm wrote: On 24-12-2014 00:49, Matt Caswell wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement contained a link to the recently published OpenSSL Release Strategy that is available here:

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-28 Thread Salz, Rich
For comparison, Microsoft I'm not quite sure how we should respond to any paragraph that begins with those words. :) I respectfully disagree. We, the OpenSSL dev team, all do. The release strategy document is the strong consensus of the entire team. -- Principal Security Engineer,

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-27 Thread Jakob Bohm
On 24-12-2014 00:49, Matt Caswell wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement contained a link to the recently published OpenSSL Release Strategy that is available here:

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-27 Thread Salz, Rich
Thanks for the detailed and thoughtful reply. I just want to emphasize that it was not a hasty decision; we talked about it a great deal, and we discussed the impacts as best as we could. Our minds are pretty made up. Not everyone will be happy with all aspects. Luckily, they have the source

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-26 Thread Salz, Rich
Where's a good place to propose them? Here's what I currently use: Well, watch the openssl-dev list. Check on master periodically. No specific plans yet other than the preview release. Generate a key pair and return n,p,q,d Generate the public key structure from n,e Generate the private

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-25 Thread Ken Goldman
On 12/24/2014 4:35 PM, Salz, Rich wrote: 1 - Will the RSA structure be opaque? I have a continuing need to construct an RSA structure from binary arrays of public and private key parts and vice versa. Will I lose that? Maybe. Proposing new constructors that met your needs is probably a good

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-25 Thread Ken Goldman
On 12/24/2014 5:46 PM, Jeffrey Walton wrote: Here's another counterpoint: when those structures are made opaque, that means we have to go to the memory manager for a struct that could otherwise be stack based. And we have to free it. That can slow things down considerably. My intuition says

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-24 Thread Ken Goldman
Version 1.1.0 will (moderately) break source compatibility (for example we will make most structures opaque etc). I as a user, I have two points of concern 1 - Will the RSA structure be opaque? I have a continuing need to construct an RSA structure from binary arrays of public and private

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-24 Thread Salz, Rich
1 - Will the RSA structure be opaque? I have a continuing need to construct an RSA structure from binary arrays of public and private key parts and vice versa. Will I lose that? Maybe. Proposing new constructors that met your needs is probably a good thing to do. 2 - The SHA contexts

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-24 Thread Dr. Stephen Henson
On Wed, Dec 24, 2014, Ken Goldman wrote: Version 1.1.0 will (moderately) break source compatibility (for example we will make most structures opaque etc). I as a user, I have two points of concern 1 - Will the RSA structure be opaque? I have a continuing need to construct an RSA

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-24 Thread Richard Moore
What I'd find useful would be a branch for me to test with so that I can let you know areas where we're having to get into the guts of an openssl structure right now that will be opaque in future. IIRC last time I tried using the define to minimise the exposed api (I forget what it was called)

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-24 Thread Jeffrey Walton
On Wed, Dec 24, 2014 at 4:55 PM, Dr. Stephen Henson st...@openssl.org wrote: On Wed, Dec 24, 2014, Ken Goldman wrote: Version 1.1.0 will (moderately) break source compatibility (for example we will make most structures opaque etc). I as a user, I have two points of concern 1 - Will the

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-24 Thread Salz, Rich
But I despise having to go to the memory manager for something like a BN_CTX that could live on the stack. Sorry, but that's the way it's gonna be. There are plenty of things to despise in OpenSSL, I wouldn't have put must allocate structures from the heap anywhere near the top of my list :)

Re: [openssl-users] OpenSSL Release Strategy and Blog

2014-12-24 Thread Salz, Rich
What I'd find useful would be a branch for me to test with Well, the release doc says our goal is year-end release with a previous mid-year. Once 1.0.2 goes out, I would assume that 'master' will get a lot of activity in that area, and you can try with that. Note that I think the goal of

[openssl-users] OpenSSL Release Strategy and Blog

2014-12-23 Thread Matt Caswell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement contained a link to the recently published OpenSSL Release Strategy that is available here: https://www.openssl.org/about/releasestrat.html I have put up a blog post on the