OpenSSL and LSB

Sun, 16 Mar 2008 17:11:09 -0700 

Hi,

        I'm writing this note to try to reopen a discussion that has
been going on for the last couple of years.  Most recently, the
discussion was kicked off by Tracy Camp in November, 2006, and before
that in October, 2005.

        Reading through the mail archives, the problem, as I understand
it, is that OpenSSL is derived from a very old legacy codebase, with an
interface which relies on publically visible data structures which must
be accessed either directly, or via accessor macros.  In some cases,
those macros could be changed to accessor functions, and it looks like
the easy cases have been done --- but in other cases, the macros
couldn't be replaced with accessor functions without causing an API
change which would breaking applications.  Is that a fair summary of the
situation?

       Also, looking at past discussions, in 2005 there were suggestions
of "maybe when OpenSSL 0.9.9 comes out, we can do something with LSB
3.2".  In 2006, I saw some suggestions of, "maybe when OpenSSL 0.9.9
comes out", and "maybe for LSB 4.0".  Well, we're doing our LSB 4.0
planning now, so I thought this would be a good to ping the list again.

        I can think of a number of possible solutions some of which
might require less effort, and some of which have been almost certainly
been discussed before, such as only standardizing a subset of the API,
and adding new accessor functions and new mutator functions without
getting rid of the old accessor macros.  This way applications that want
ABI compatibility can simply use that set of functions which are known
to be safe.

        But before I go into more detail about trying to design a
solution, maybe it would be good to request an update from those who are
most familiar with OpenSSL development --- what would you think is the
best way of moving forward?

        Thanks, regards,

                                                - Ted

P.S.  I do appreciate how difficult this can be; back when I was
Kerberos development lead at MIT, we had a similar issue with respect to
ABI stability, based on really bad choices (some of which I myself was
responsible for, back when I was younger and stupider :-) in interface
design in our legacy API, and digging out of that development debt took
a long time, and it wasn't completed when I left MIT to go work on Linux
full time....
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to