On Sat, Dec 21, 2019 at 01:19:30AM +0100, Lukas Tribus wrote:
> You can merge the patch I posted today, as there is consensus for this
> particular fix:
> https://www.mail-archive.com/haproxy@formilux.org/msg35760.html
> It should be backported to 2.0 (or even 1.9 - I forgot to mention that
> in the commit message).

OK I've merged it now, thank you. It was my first impression but the
ongoing discussions made me doubt.

> Further discussion is needed for some remaining points, which I doubt
> can be fully clarified for the release tomorrow.


> If your question is, which openssl releases should we support with
> no-deprecated, I'd say 1.1.0 and newer. I don't believe there is any
> reason to support openssl 1.0.2 with no-deprecated.

I tend to agree on this. It doesn't seem very logical to decide now
to use an older release and disable what was considered deprecated
when it was issued. If you use an older release it's because you have
ABI compatibility issues, interoperability issues, or need legacy stuff.

If there were issues for users facing older vendor-provided openssl
libs built with no-deprecated, I think we'd know about it by now, and
given that it's not the case, I also suggest we don't waste valuable
time implementing support for something nobody intends to use. We can
revisit this choice later if the situation ever changes, which I
strongly doubt.


Reply via email to