On 25/02/2013 11:06 p.m., Eliezer Croitoru wrote:
On 02/24/2013 11:45 AM, Amos Jeffries wrote:
As you may be aware OpenSSL had some API changes which we dutifully
wrote #if-#else conditional code for using the mechanisms provided by
OpenSSL for the purpose.
Then somebody in Fedora or RHEL decided to back-port the
functionality into their older OpenSSL version. This corrupted the
Fedora 17 release for a short while, just long enough to corrupt the
main RHEL 5.* and 6.* distributions, and it now seems to have spread
into the CentOS 6.* distributions as well.
We are urgently needing somebody to write a ./configure-time test to
detect these old corrupted OpenSSL packages which present 1.0.0d API
functionality and AC_DEFINE a macro which can be added to the
#if-#else conditionals such that they are built using the 1.0.0d+ API
of OpenSSL.
Any takers?
Amos
and we do have a basic view of the versions of openssl if I remember
right in some bugzilla reports.
how *urgently* is it needed? weeks? idea?
Some weeks are fine.
We have been ignoring the issue for months already when it was just one
outdated Fedora and RHEL who are known for sticking doggedly with
obsolete software. But as CentOS has shown it is now spreading across
the whole RHEL-based tree of OS distributions into their 'new' releases.
So if we want 3.2+ usage to pick up in those OS we need it fixed soonish.
Yes. We know what versions of OpenSSL need testing and what to test for.
Just need to get the test coded up and trialled.
Amos
