tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

openssl 0.9.7 in NetBSD



        to summarize:

openssl:
        i will upgrade openssl to 0.9.7b.  upgrade path is a little bit tricky,
        due to openssl DES API changes between 0.9.6 and 0.9.7.

        1. split libcrypto and libdes.  libdes provides old API (like des_xx)
           based on 0.9.6.
        2. libcrypto becomes 0.9.7, and provides new DES API (like DES_xx) only.
           (0.9.7 has source-code level backward compat code for des_xx, but
           i would like to disable it as it is wacky)
        3. both libdes and libcrypto will have a shlib major bump.

        i have confirmed that (1) goes fine, and can run happily with heimdal
        krb4 code.  (1) is in ftp://ftp.itojun.org/pub/libdes.tar.gz.

heimdal:
        ftp://ftp.itojun.org/pub/netbsd-krb4
        has tweaks to allow disabling/enabling kerberos v4/v5 separately, based
        on http://people.su.se/~lha/patches/netbsd/v4-diff.
        due to the shlib major bump of libcrypto/libdes, i guess kerberos
        libraries has to be bumped as well.  do we want to disable v4 at this
        time?  it looks that libkafs will define different symbols depending
        on if v4 enabled/disabled.

itojun



Home | Main Index | Thread Index | Old Index