On Sun, Jun 01, 2014, Richard Moore wrote: > On 1 June 2014 19:38, Dr. Stephen Henson <st...@openssl.org> wrote: > > > > On Sun, Jun 01, 2014 at 01:39:54PM -0400, Salz, Rich wrote: > > > > Make structures opaque when possible and provide accessor functions. > > Within openssl itself use macros if you want. > > > > > > This has been on my list of things I want to see happen for a long time > > > too. Together we removing some APIs. I also want to help getting > > > open source packages fixed so they still work. > > > > > > > That's something I'd like to see too. I've added some support for libssl in > > OpenSSL 1.0.1 (you can make all libssl structures opaque by setting > > OPENSSL_NO_SSL_INTERN). I'd like to see the same happen across libcrypto > > but > > it's a significant task and likely to cause considerable application > > breakage. > > > > I tried using this flag with Qt a few weeks back and noticed that some > stuff such as the tlsext_tick_lifetime_hint didn't seem to have accessors. > At the moment, I don't think it's very clear to people using openssl which > structures are intended to be internal and which aren't too. >
Well that's one of the issues we need to resolve. Apache now compiles with OPENSSL_NO_SSL_INTERN but it needed some additional accessor functions before it could. If you could indicate exactly what fails in Qt we could either add new functions or suggest alternative techniques. Similarly if people could try other applications with OPENSSL_NO_SSL_INTERN and indicate success/failure that would help. It would be great if we could set that as the default at some point in the future. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
