Tim and Viktor have convinced me that “it’s not worth it” is wrong. Thanks,
Richard, for testing 1.1.0 tests with 1.1.1 library. We do need to analyze the
results and not say any failure means something 1.1.1 has to fix – it could be
failing because of an assumption in the 1.1.0 tests. Am I
Where we are stating that ABI compatibility is in place we should be
testing it.
i.e. the older release binaries should be run against the current release
libraries - and that should be put into CI in my view.
Going the other direction isn't something I have thought we have ever
guaranteed (i.e.
> On Apr 15, 2018, at 12:59 PM, Salz, Rich wrote:
>
> Let me turn the question around because we'll never know "everything" just
> works. Except for our tests, what programs work with 1.1.0 and *fail* to work
> with 1.1.1? Any? For various reasons that Viktor and I have
> On Apr 15, 2018, at 12:55 PM, Salz, Rich wrote:
>
> Do our 1.1.0 tests work when linked against the 1.1.1 library?
Our tests don't, but Richard (valiantly I must say) went to the trouble
of doing just that. And found some tests that failed, ...
> Even then, there might
> I believe we were led into the current situation, because our tests don't
completely work *going backwards.* Do the 1.1.0 tests basically work *going
forwards* ?
>It is unclear what you mean by forwards and backwards, but some 1.1.0
tests failed when using a 1.1.1 library.
> On Apr 15, 2018, at 2:24 AM, Bernd Edlinger wrote:
>
> One possible example of application failure that I am aware of is #5743:
> A certificate that is incompatible with TLS1.3 but works with TLS1.2.
> Admittedly that I did come up with that scenario only because I
In message
on Sun, 15 Apr 2018 06:24:48 +, Bernd Edlinger
said:
bernd.edlinger> One possible example of application failure that I am aware of
is #5743:
bernd.edlinger> A
In message on Sun, 15 Apr
2018 13:27:15 +0200, Andy Polyakov said:
appro> To summarize, failing tests in 110 should be revisited to see if they
appro> are actually representative, before one can consider as drastic measures
> 2. Make TLSv1.2 the absolutely maximum TLS version available for
>programs linked with libssl 1.1.0. This is what's done in this PR:
>https://github.com/openssl/openssl/pull/5945
>This makes sense insofar that it's safe, it works within the known
>parameters for the library
On Sun, Apr 15, 2018 at 07:38:48AM +0200, Richard Levitte wrote:
> In message on Sat, 14 Apr
> 2018 21:13:47 +, "Salz, Rich" said:
>
> rsalz> We have *no* data points, except our tests, that anything fails to
> work.
>
On 04/15/18 07:53, Viktor Dukhovni wrote:
>
>
>> On Apr 15, 2018, at 1:38 AM, Richard Levitte wrote:
>>
>> Errr, are we? Please inform me, because I cannot remember having seen
>> tests that specifically targets the case of programs built with 1.1.0
>> that get implicitly
11 matches
Mail list logo