Subject: Re: openssl 0.9.7 in NetBSD?
To: Love <firstname.lastname@example.org>
From: None <email@example.com>
Date: 07/22/2003 18:59:03
>> so upgrade plan would be:
>> - disable kerberos4 by default
>> - import openssl 0.9.7b (or latest), with kerberos-and-ssl stuff
>> disabled. shlib major bump. kerberos portion would not build
>> for a while, i guess?
>so, how do we deal with the api problem with openssl ?
>keep old libdes and don't remove the compat glue (by defining
>OPENSSL_DISABLE_OLD_DES_SUPPORT not including <openssl/des_old.h>) ?
i'm not too sure about this part myself. for a long time libcrypto ==
libdes. choices would be:
- do not provide any backward compatibility support at all, i.e.
DES_xx only. do not compile des_old.c.
- split libcrypto and libdes. maintain libdes (code from 0.9.6)
by ourselves. libcrypto will provide DES_xx only. do not compile
i guess i like the second bullet myself, modulo maintenance cost.