Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

Tim and Viktor have convinced me that “it’s not worth it” is wrong. Thanks, Richard, for testing 1.1.0 tests with 1.1.1 library. We do need to analyze the results and not say any failure means something 1.1.1 has to fix – it could be failing because of an assumption in the 1.1.0 tests. Am I

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

Where we are stating that ABI compatibility is in place we should be testing it. i.e. the older release binaries should be run against the current release libraries - and that should be put into CI in my view. Going the other direction isn't something I have thought we have ever guaranteed (i.e.

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

> On Apr 15, 2018, at 12:59 PM, Salz, Rich wrote: > > Let me turn the question around because we'll never know "everything" just > works. Except for our tests, what programs work with 1.1.0 and *fail* to work > with 1.1.1? Any? For various reasons that Viktor and I have

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

> On Apr 15, 2018, at 12:55 PM, Salz, Rich wrote: > > Do our 1.1.0 tests work when linked against the 1.1.1 library? Our tests don't, but Richard (valiantly I must say) went to the trouble of doing just that. And found some tests that failed, ... > Even then, there might

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

> I believe we were led into the current situation, because our tests don't completely work *going backwards.* Do the 1.1.0 tests basically work *going forwards* ? >It is unclear what you mean by forwards and backwards, but some 1.1.0 tests failed when using a 1.1.1 library.

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

> On Apr 15, 2018, at 2:24 AM, Bernd Edlinger wrote: > > One possible example of application failure that I am aware of is #5743: > A certificate that is incompatible with TLS1.3 but works with TLS1.2. > Admittedly that I did come up with that scenario only because I

[openssl-project] Proto over ciphers or ciphers over proto? (was: The problem of (implicit) relinking and changed behaviour)

In message on Sun, 15 Apr 2018 06:24:48 +, Bernd Edlinger said: bernd.edlinger> One possible example of application failure that I am aware of is #5743: bernd.edlinger> A

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

In message on Sun, 15 Apr 2018 13:27:15 +0200, Andy Polyakov said: appro> To summarize, failing tests in 110 should be revisited to see if they appro> are actually representative, before one can consider as drastic measures

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

> 2. Make TLSv1.2 the absolutely maximum TLS version available for >programs linked with libssl 1.1.0. This is what's done in this PR: >https://github.com/openssl/openssl/pull/5945 >This makes sense insofar that it's safe, it works within the known >parameters for the library

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

On Sun, Apr 15, 2018 at 07:38:48AM +0200, Richard Levitte wrote: > In message on Sat, 14 Apr > 2018 21:13:47 +, "Salz, Rich" said: > > rsalz> We have *no* data points, except our tests, that anything fails to > work. >

Re: [openssl-project] The problem of (implicit) relinking and changed behaviour

On 04/15/18 07:53, Viktor Dukhovni wrote: > > >> On Apr 15, 2018, at 1:38 AM, Richard Levitte wrote: >> >> Errr, are we? Please inform me, because I cannot remember having seen >> tests that specifically targets the case of programs built with 1.1.0 >> that get implicitly