Am 16.03.2018 um 15:11 schrieb Gedare Bloom: > On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer > <christian.maude...@embedded-brains.de> wrote: >> Some applications (like the civetweb web server) still use functions >> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined, >> openssl will not provide these functions. This patch removes the define >> so that the functions are available. >> --- > > What are the negative consequences to this? I'm quite leery about > enabling deprecated features in a security library. > > What is the cost to fix civetweb instead? > > -Gedare
Hello Gedare, there are still a lot of application that use the deprecated API. A quick search on github for one of the deprecated functions (ERR_remove_state) provided nearly 50000 results: https://github.com/search?l=C&q=+ERR_remove_state&type=Code&utf8=%E2%9C%93 Beneath that I just checked on my OpenSUSE machine and on a FreeBSD VM: They still provide this function. So I wouldn't see a problem with that. Best regards Christian > >> libbsd.py | 3 +-- >> libbsd_waf.py | 2 +- >> 2 files changed, 2 insertions(+), 3 deletions(-) >> >> diff --git a/libbsd.py b/libbsd.py >> index f70b4ead..233c06cd 100644 >> --- a/libbsd.py >> +++ b/libbsd.py >> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm): >> 'crypto/openssl/crypto/cversion.c', >> 'crypto/openssl/crypto/o_str.c', >> ], >> - mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1', >> - '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1', >> + mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1', >> '-DOPENSSL_NO_GMP=1', >> '-DOPENSSL_NO_JPAKE=1', >> '-DOPENSSL_NO_LIBUNBOUND=1', >> diff --git a/libbsd_waf.py b/libbsd_waf.py >> index 7782bccb..745512bf 100644 >> --- a/libbsd_waf.py >> +++ b/libbsd_waf.py >> @@ -1317,7 +1317,7 @@ def build(bld): >> features = "c", >> cflags = cflags, >> includes = ['freebsd/crypto', 'freebsd/crypto/openssl', >> 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', >> 'freebsd/crypto/openssl/crypto/evp', 'freebsd/crypto/openssl/crypto/modes'] >> + includes, >> - defines = defines + ['NO_WINDOWS_BRAINDEATH=1', >> 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', >> 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', >> 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', >> 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', >> 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', >> 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'], >> + defines = defines + ['NO_WINDOWS_BRAINDEATH=1', >> 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', >> 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', >> 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', >> 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', >> 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', >> 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'], >> source = objs04_source) >> libbsd_use += ["objs04"] >> >> -- >> 2.13.6 >> >> _______________________________________________ >> devel mailing list >> devel@rtems.org >> http://lists.rtems.org/mailman/listinfo/devel -- -------------------------------------------- embedded brains GmbH Herr Christian Mauderer Dornierstr. 4 D-82178 Puchheim Germany email: christian.maude...@embedded-brains.de Phone: +49-89-18 94 741 - 18 Fax: +49-89-18 94 741 - 08 PGP: Public key available on request. Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG. _______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel