On Mon, Mar 20, 2017 at 10:41:12PM +0000, Jason Vas Dias wrote:
> Hi - much thanks for many years of great OpenSSL releases,
> but this 1.1.0 branch, IMHO, should not be put above the 1.0.2k
> release on the website as the 'latest / best OpenSSL release' - this just
> wastes everybody's time .  No using software can use this release,
> such as the latest releases of OpenSSH,  ISC BIND (named) / ISC DHCP,  ntpd
> (... the list can go on and on - does the latest httpd  compile with it? )

I have send patches for all of those that you just mentioned so
that they can get build using both 1.0.2 and 1.1.0.

> I did waste a few hours today getting ISC BIND 9.11.0-P3 & DHCP 4.3.5
> & ntpd 4.3.93 to use 1.1.0e , (I can generate & send the patches for
> them to anyone who wants them),

DHCP 4.3.5 seems to work just fine with 1.1.0.

The latest ntp release is 4.2.8p9 which should just work with
openssl 1.1.0. (I have no idea why they don't list it on their
download page now, or why the development version is so old.)

bind has applied patches, I'm just not sure in which branches.

> the latest version of OpenSSH (v7.4.P1) to at least compile with it,
> but that version of OpenSSH is broken in so many ways because of
> openssl 1.1.0  - it can't even read or write its ED25519
> /etc/ssh_host_ed25519.key file.

The ed25519 support in openssh doesn't even come from openssl. 

> which mainly
> involved including the '*_lo?cl.h' & '*_int.h'  headers

Including the internal headers is not a good patch. This will


openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to