On 05.08.2011 17:39, William A. Rowe Jr. wrote: > On 8/5/2011 2:57 AM, Stefan Fritsch wrote: >> On Friday 05 August 2011, Kaspar Brand wrote: >>> On 03.08.2011 19:08, William A. Rowe Jr. wrote: >>>> My thought, it probably should be a set of commits; >>>> >>>> * Drop SSLC (first patch) >>>> * Drop OpenSSL < 0.9.7 (second patch) >>>> * Drop ssl_toolkit_compat wrapper (third patch) >>>> * Warn on 0.9.7 and some 0.9.8 flavors (last patch) >>> >>> Ok, I'll try splitting it into more digestible pieces. Do you >>> suggest committing them at the same time then, or possibly wait a >>> few days in between (in case someone wants to build from the >>> interim versions)? >> >> I don't think waiting is necessary. People can always check out an >> interim revision if they want. > > Precisely. This just makes it easier to follow the activity through > svn history.
Committed as r1154683 (drop SSL-C support), r1154687 (remove ssl_toolkit_compat layer), and r1154688 (require OpenSSL 0.9.7). Right now, configure no longer warns about specific older OpenSSL versions - it just checks for OPENSSL_VERSION_NUMBER >= 0x0090700f. Keeping track of vulnerable versions would possibly require frequent updates to acinclude.m4 (also in 2.2.x, of course), and second, I'm not sure how many people really have a close look at the configure output. NetWare folks: please note that I didn't touch modules/ssl/NWGNUmakefile so far - i.e. it still allows building with the "Novell NTLS SDK" (in theory, at least). As I'm neither familiar with the NetWare platform nor do I have a test environment, I'd appreciate if the experts could have a look - and patch, if needed. Thanks! Kaspar
