On Sat, Dec 21, 2019 at 01:19:30AM +0100, Lukas Tribus wrote: > You can merge the patch I posted today, as there is consensus for this > particular fix: > https://www.mail-archive.com/haproxy@formilux.org/msg35760.html > > It should be backported to 2.0 (or even 1.9 - I forgot to mention that > in the commit message).
OK I've merged it now, thank you. It was my first impression but the ongoing discussions made me doubt. > Further discussion is needed for some remaining points, which I doubt > can be fully clarified for the release tomorrow. Perfect! > If your question is, which openssl releases should we support with > no-deprecated, I'd say 1.1.0 and newer. I don't believe there is any > reason to support openssl 1.0.2 with no-deprecated. I tend to agree on this. It doesn't seem very logical to decide now to use an older release and disable what was considered deprecated when it was issued. If you use an older release it's because you have ABI compatibility issues, interoperability issues, or need legacy stuff. If there were issues for users facing older vendor-provided openssl libs built with no-deprecated, I think we'd know about it by now, and given that it's not the case, I also suggest we don't waste valuable time implementing support for something nobody intends to use. We can revisit this choice later if the situation ever changes, which I strongly doubt. Thanks! Willy
