Hi Rich, On 22/07/16 14:52, Salz, Rich via RT wrote:
And now, with subject clearly stated, I think we should not do this.
the original question related to this ticket was the missing accessors in OpenSSL 1.1. I fully agree that OpenSSL should not add support for pre-RFC3820 proxy, but it should allow others to write code to support it. That's the way OpenSSL 0.9.x and 1.0.x did it: the Globus and Voms people added their own handlers to the OpenSSL callbacks in order to support GT2, GT3 and RFC3820 (aka GT4) proxies. With OpenSSL 1.1, some of these handlers/callbacks seem to have been removed.
If OpenSSL 1.1 does not allow this, then the existing grid codebase is "stuck" with OpenSSL 1.0.x until all users start using RFC3820 proxies. Again, I support the notion that people should have started using these back in 2008 but the reality is that we in "Grid land" are stuck with "legacy" proxies for some time. It would be a shame if we cannot use OpenSSL 1.1+ on the grid.
JM2CW, JJK / Jan Just Keijser PS I'm a co-worker of Mischa Salle -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
