On Sun, Jun 01, 2014 at 08:32:55PM +0200, Dr. Stephen Henson wrote: > > Repurposing bits in this way is problematic if that bit meant something else > > in any OpenSSL-1.x.y release (notional ABI). If the bit is from 0.9.x, and > > was never used in 1.x.y, then it is OK. > > > > I think it is actually a feature for older apps to not by default > > enable some feature that they have no way to disable. > > > > Well the previous purpose of the bit was *ancient* referring to SSLRef and > SSLv2 only and probably has been there since SSLeay.
And yet, reporposing a bit is an ABI change. Applications that enable/disable SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG will now be inadvertently enabling/disabling SSL_OP_TLSEXT_PADDING. Option bits can only be repurposed across ABI changes. Please do not do this in a micro or patch version update. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org