The one thing that makes me a bit more comfortable with the change to the prototype is the fact that in the current code and documentation, everywhere SSL_CTX_set_cert_verify_callback() is mentioned, it has a big warning next to it saying that it is currently broken and is supposed to actually take an argument. So those using it may have had a suspicion that this might be coming.
The only argument against adding another callback that takes an argument is that there already are two (the app_verify_callback and the verify_callback set by SSL_CTX_set_verify), at least one of which is already not heavily used. The cost of minor code changes/recompilation to change the prototype has to be weighed against yet another unused function pointer in a heavily used structure.

The difficulty with backwards compatibility in the Sendmail case is that a lot of people may not want to upgrade it (and I don't know how long they take to rev a release), but might want to upgrade openssl under it. There could be an evil option involving ifdefing the old behavior to allow a backwards-compatible compilation during a transition period.

--Diana

Richard Levitte - VMS Whacker wrote:
> From: Bodo Moeller <[EMAIL PROTECTED]>
>
> moeller> If we add the parameter list declaration for app_verify_callback to
> moeller> ssl/ssl.h and ssl/ssl_lib.c (which I think we should do for type
> moeller> safety), applications written for old releases will not compile
> moeller> without modification if they use SSL_CTX_set_cert_verify_callback().
> moeller> But the only application that I know of that actually uses this
> moeller> function is by myself, and I can accept this incompatibility.
>
> Considering how we have behaved so far, I'm not sure I see that as a
> problem in any case. Remember all the changes in the DES
> implementation? Remember the constification? I believe we have
> bigger changes crashing on the application authors than this
> particular beastie...
>
> Also, even when SSL_CTX_set_cert_verify_callback() *is* used, in how
> many places do you think you'll find it in a typical application? I'm
> guessing at just a few, and a patch would probably be really easy to
> deliver.
>
> About how many places it's used, I can count 3 so far: you, D.K. and
> sendmail. I don't think that's too much. This is relatively low-impact.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
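
Added example, not part of the original thread and not OpenSSL code: a self-contained mock of the transition switch mentioned in the message above, where a compile-time macro selects between the old callback prototype and one that receives the registered argument. All demo_* names, DEMO_OLD_VERIFY_CB and the sample host names are assumptions made for illustration.

```c
/* Added illustration: every demo_* name is hypothetical, not an OpenSSL identifier. */
#include <string.h>

typedef struct { const char *peer_cn; } demo_store_ctx; /* stand-in for X509_STORE_CTX */

#ifdef DEMO_OLD_VERIFY_CB
/* Transition build: old behaviour, the callback receives no application argument. */
typedef int (*demo_verify_cb)(demo_store_ctx *);
#define DEMO_CALL(c, s) ((c)->cb(s))
#else
/* New prototype: the argument registered with the callback is handed back to it. */
typedef int (*demo_verify_cb)(demo_store_ctx *, void *);
#define DEMO_CALL(c, s) ((c)->cb((s), (c)->arg))
#endif

typedef struct { demo_verify_cb cb; void *arg; } demo_ssl_ctx;

/* The setter has one signature in both builds; the old build stores arg but never passes it. */
static void demo_set_cert_verify_callback(demo_ssl_ctx *c, demo_verify_cb cb, void *arg)
{
    c->cb = cb;
    c->arg = arg;
}

/* Library side: fail closed (0 = reject) when no callback is installed. */
static int demo_verify_peer(const demo_ssl_ctx *c, demo_store_ctx *s)
{
    return c->cb ? DEMO_CALL(c, s) : 0;
}

#ifndef DEMO_OLD_VERIFY_CB
/* Application side: the expected peer name arrives through arg, so two contexts
 * can share one callback with different policies and no global state. */
static int demo_pin_cn(demo_store_ctx *s, void *arg)
{
    const char *expected = arg;
    return s->peer_cn && expected && strcmp(s->peer_cn, expected) == 0;
}
#endif

int main(void)
{
    demo_store_ctx peer = { "mail.example.test" };   /* constructed sample input */
    demo_ssl_ctx ctx = { 0, 0 };
#ifndef DEMO_OLD_VERIFY_CB
    demo_set_cert_verify_callback(&ctx, demo_pin_cn, "mail.example.test");
#endif
    return demo_verify_peer(&ctx, &peer) ? 0 : 1;
}
```

Building with -DDEMO_OLD_VERIFY_CB selects the old prototype, which is the kind of transition-period compilation the message describes.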