Incompatible API changes in 0.9.8

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Incompatible API changes in 0.9.8

Brian Candler
I sent these reports to [hidden email] a couple of hours ago, but they don't
seem to have arrived either on the tracker or as postings on openssl-dev, so
I'm forwarding them here (please see attached).

The size_t problem with md5.h also applies to ripemd.h and sha.h

Fixing these *almost* makes ruby's openssl extension compile. There's one
instance where ruby touches the X509_STORE_CTX.flags member directly:

    if(NIL_P(time)) {
        GetX509StCtx(self, store);
        store->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
    }

which compiles if you change it to

    if(NIL_P(time)) {
        GetX509StCtx(self, store);
        store->param->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
    }

I'm not sure if there's any alternative (supported API) here; there's
X509_STORE_CTX_set_flags but I don't see a corresponding _clear_flags

Regards,

Brian.

openssl-0.9.8 breaks the current (2.8.22) release of mod_ssl

This is due to an incompatible API change: PEM_F_DEF_CALLBACK was renamed to
PEM_F_PEM_DEF_CALLBACK

I think this should have been mentioned in the announcement, or at least in
the CHANGES file or at http://www.openssl.org/news/changelog.html

openssl-0.9.8/include/openssl/md5.h changed some definitions of 'unsigned
long' to 'size_t', but forgot to #include <sys/types.h>

This breaks compilation of ruby-1.8.2's openssl module (and probably other
things).

I don't know if this is an intentional API change - i.e. all users are now
required to #include <sys/types.h> before #include <openssl/md5.h> - or an
oversight. If the former, it should have been mentioned in the announcement
or the CHANGES file.

[The rest of openssl seems inconsistent in this regard. For example, both
bio.h and buffer.h both use size_t, but only buffer.h includes sys/types.h]

ossl.patch (1K) Download Attachment