>> it's complicated to keep everything clean but any help is welcomed.
>
> Step 1 has been simply to understand the problem.

Sure. Your attitude and threats are not helpful in this conversation though.



> What I'm suggesting is that there's a possibility -- as per my other
> post, still unclear to me -- that openssl 1.1.1, with which tls1.3
> support will officially 'arrive', will have tighter restrictions on use
> of prior versions' APIs.

I already told you: both OpenSSL 1.1.1 and TLSv1.3 work fine.

While other projects fixed cosmetic API issues, we worked with the
OpenSSL team to find solutions for catastrophic failures in OpenSSL
1.1.1 alpha and beta, so they can fix it before the 1.1.1 release:

https://github.com/openssl/openssl/issues/5330
https://github.com/openssl/openssl/pull/6388
https://github.com/openssl/openssl/pull/6432

https://www.mail-archive.com/[email protected]/msg29592.html
https://github.com/openssl/openssl/issues/6541


The priority being fixing actual bugs and compatibility issues, not
build issues that come up when OpenSSL is compiled with strict APIs.



> Will use of v<1.1.0 apis still be just deprecated? or dropped?  And, in
> either case, how will downstream apps -- e.g., haproxy -- deal with it.

There is no change between 1.1.0 and 1.1.1 regarding the old APIs
(which I already implied in my earlier email).



> Currently, apparently, haproxy doesn't deal with the legacy-free,
> current Openssl api, at all.

No, it does not. And someone can step up and send a patch or it will
be updated further down the line, but you are making a big deal out of
it, which it really is not.




cheers,
lukas
