> On Feb 13, 2017, at 12:20 PM, Benjamin Kaduk <bka...@akamai.com> wrote: > > Perhaps a reasonable compromise would be to ensure that the -noservername > option is accepted (as a noop) in 1.1.0<letter>, so that there is a way to > write a script that remains compatible between 1.1.0 and 1.1.1 even if the > default does change.
We could add a "-ignore_unknown" option, which (if specified first) would more generally allow the CLI to ignore attempts to use features only available in later versions. An environment variable could provide another means to the same end. That said, I don't think that enabling SNI by default *in s_client* is sufficient cause to motivate such a feature. The s_client command adds new options from time to time, and IIRC we've never before back-ported these as NOPs. If an "ignore_unknown" option is warranted, it is for all the other new things we might add in addition to "-noservername". I'd be more concerned with potentially incompatible changes to cms(1), enc(1), req(1), x509(1), ... which are the main day-to-day tools used by users to get useful work done. The s_client(1) and s_server(1) commands are diagnostic utilities, and such it is reasonable to be less strict w.r.t. reasonable behaviour changes. We should still provide a backwards compatible interface, but that does not preclude reasonable differences in the resulting behaviour. -- -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev