tech-userlevel archive


Re: Regarding the OpenSSL branch change



On Mar 16, 12:58pm, Muhammed.ShameemPK%Dell.com@localhost (<Muhammed.ShameemPK%Dell.com@localhost>) wrote:
-- Subject: Regarding the OpenSSL branch change

| Hi,
| Recently I have noticed that NetBSD has changed from 1.0.x branch to 1.1.x
| branch of OpenSSL. Curious to know why. From openssl.org, it is clear that
| we moved from LTS to stable version. How will I get the recent 1.0.x OpenSSL
| (1.0.2n) source for NetBSD as NetBSD-current has already changed to 1.1.0g

1.1.0 was released in August of 2016, almost 2 years ago; it has 6
releases so far, and its stability is not in question. 1.0.2 will
expire in December of 2019, two years from now.

The differences between 1.0.x and 1.1.x currently require a "flag
day" because the OpenSSL folks chose to hide the structure guts
and provide only APIs to access them in one step. I.e. the software
can compile either with 1.0 or 1.1 but not with both, unless it
either has excessive ifdefs or provides its own compatibility shim.
Already there is software that only uses 1.1, and software that
only has supported versions that use 1.1 (the 1.0 versions are not
supported). I felt that it was time to bite the bullet and move to
1.1. At the same time I provided my compatibility patches to the
OpenSSL folks so that the 1.0.x train can be used with code that used
to only compile with 1.1. In fact the NetBSD tree compiles with
both now.

There are two ways to get the 1.0.2n changes to earlier NetBSD
versions.
a. The easiest is to just apply the patches in the branch.
b. The harder is to move the branches to openssl.old, fix the
   Makefiles that are affected, sync the trunk of .old with 1.0.2n
   and then pull up the patches.

I think I'd stick with (a).

christos
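
The compile-time split described in the message above, as an added example that is not part of the original post and is not NetBSD or OpenSSL code: a constructed toy library whose context structure is public in its "1.0" headers and opaque in its "1.1" headers, with a small shim that lets one application source build against either. `TOY_VERSION` and every `toy_*` name are hypothetical; with OpenSSL the corresponding test is on `OPENSSL_VERSION_NUMBER`.

```c
/* Constructed model; TOY_VERSION and toy_* are hypothetical, not OpenSSL names. */
#include <stdlib.h>
#include <string.h>
#define TOY_VERSION 0x10100000L   /* set to 0x10002000L to model the 1.0.x headers */
/* --- library header --- */
#if TOY_VERSION < 0x10100000L     /* 1.0 style: layout is public */
typedef struct toy_ctx { unsigned long sum; } TOY_CTX;
void toy_ctx_init(TOY_CTX *c);
#else  /* 1.1 style: incomplete type, so sizeof(TOY_CTX) and c->sum do not compile */
typedef struct toy_ctx TOY_CTX;
TOY_CTX *toy_ctx_new(void);
void toy_ctx_free(TOY_CTX *c);
unsigned long toy_ctx_get_sum(const TOY_CTX *c);
#endif
void toy_update(TOY_CTX *c, const void *data, size_t len);

/* --- compatibility shim: supply the 1.1 calls when building against 1.0 --- */
#if TOY_VERSION < 0x10100000L
static TOY_CTX *toy_ctx_new(void) {
    TOY_CTX *c = malloc(sizeof(*c));
    if (c != NULL) toy_ctx_init(c);
    return c;
}
static void toy_ctx_free(TOY_CTX *c) { free(c); }
static unsigned long toy_ctx_get_sum(const TOY_CTX *c) { return c->sum; }
#endif

/* --- application code: written once, against the 1.1 API only --- */
long checksum(const char *a, const char *b) {
    TOY_CTX *c = toy_ctx_new();
    if (c == NULL) return -1;
    toy_update(c, a, strlen(a));
    toy_update(c, b, strlen(b));
    long sum = (long)toy_ctx_get_sum(c);   /* accessor, never c->sum */
    toy_ctx_free(c);
    return sum;
}
/* --- library implementation: in 1.1 mode the layout is visible only here --- */
#if TOY_VERSION >= 0x10100000L
struct toy_ctx { unsigned long sum; };
TOY_CTX *toy_ctx_new(void) { return calloc(1, sizeof(TOY_CTX)); }
void toy_ctx_free(TOY_CTX *c) { free(c); }
unsigned long toy_ctx_get_sum(const TOY_CTX *c) { return c->sum; }
#else
void toy_ctx_init(TOY_CTX *c) { c->sum = 0; }
#endif
void toy_update(TOY_CTX *c, const void *data, size_t len) {
    for (const unsigned char *p = data; len--; p++) c->sum += *p;
}
int main(void) { return checksum("ab", "c") == 294 ? 0 : 1; }
```

Code that declares a `TOY_CTX` on the stack or reads `c->sum` directly builds only in 1.0 mode, which is why every such caller has to change at once when the headers go opaque.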

