
Re: openssl 1.1.0

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Mon, 5 Sep 2016 22:34:18 +0300

On 5 September 2016 at 21:51, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
> On 05.09.2016 20:45, Ivan Zhakov wrote:
>> On 1 September 2016 at 20:55, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
>>> Hi,
>>>
>>> Since OpenSSL 1.1.0 is out now, I've got it ready to build with TSVN.
>>> But OpenSSL 1.1.0 is a big change since 1.0.2, so I had to make some
>>> changes to make it build: the ntml-sasl plugin needed some code patches,
>>> and we already have patched the e_capi.c file in openssl for our needs
>>> which needed some more changes as well. Actually, that one required to
>>> include some now internal structs from openssl - those were not internal
>>> in 1.0.2 but we still need those even though they're now private in 1.1.0.
>>>
>>> So, I've got the patch ready to get OpenSSL 1.1.0 included in TSVN.
>>> Question is: should I commit that change? Or do we want to stay on the
>>> 1.0.x line of OpenSSL?
>>>
>> Hi Stefan!
>>
>> Is there anything useful/important for TortoiseSVN in OpenSSL 1.1.0?
>
> Well, not really important.
> But I usually like to update to the latest version of all linked libs in
> a project. Otherwise if you wait too long, it will be much harder to
> upgrade those later once you skipped a few versions. And you *will* have
> to upgrade one day because older versions tend to not get security
> updates anymore.
>
> So, that's actually my only reason: keeping up with the latest version.
>
Please note that OpenSSL 1.0.2 is an LTS release: it will be supported
until 2019-12-31, while OpenSSL 1.1.0 is a normal release and will
be supported until 2018-04-30 [1].

>> I think RAND_poll() optimization could be useful for TortoiseSVN. TSVN
>> already has a patch for this, but OpenSSL 1.1.0 RAND_poll()
>> implementation is better. Another interesting new feature is support
>> for the ChaCha20 encryption cipher. But I don't remember anything else.
>
> Any new ciphers are good: our users might need them if they connect to
> latest systems.
>
> If you don't have any objections, I'll commit my changes soon.
> But we will keep them on trunk and have the stable branch keep using
> OpenSSL 1.0.2.
I don't have any objections against switching TortoiseSVN trunk to OpenSSL 1.1.0.

Btw, did you consider using a vendor/upstream branch to maintain the e_capi
patches for OpenSSL? I mean import OpenSSL 1.1.0 to something like
/upstream/openssl, then copy it to /trunk/ext/openssl. Apply patches.
When OpenSSL 1.1.0a is released, we just need to update
/upstream/openssl and then merge changes from /upstream/openssl to
/trunk/ext/openssl.

[1] https://www.openssl.org/policies/releasestrat.html

-- 
Ivan Zhakov
Received on 2016-09-05 21:34:49 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.