Sebastian Andrzej Siewior
2023-May-07 19:52 UTC
[PATCH] compat: Relax version check with OpenSSL 3.0+
From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> OpenSSL 3.1.0 uses the same ABI as OpenSSL 3.0.x series. Further 3.1.x release are just stable updates and no ABI change (is expected) just like the 3.0.x series. Relax the version check for OpenSSL 3+ and rely on ABI compatibility. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- openbsd-compat/openssl-compat.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index c1749210d586f..5b35253f1d19b 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -54,6 +54,10 @@ ssh_compatible_openssl(long headerver, long libver) return (headerver & mask) == (libver & mask); } + /* For versions > 3.0.0, we rely on upstream's ABI */ + if (headerver > 0x3000000f) + return 1; + /* * For versions >= 1.0.0, major,minor must match and library * fix version must be equal to or newer than the header. -- 2.40.1
rsbecker at nexbridge.com
2023-May-07 20:11 UTC
[PATCH] compat: Relax version check with OpenSSL 3.0+
On Sunday, May 7, 2023 3:53 PM, Sebastian Andrzej Siewior wrote:>OpenSSL 3.1.0 uses the same ABI as OpenSSL 3.0.x series. Further 3.1.xrelease are>just stable updates and no ABI change (is expected) just like the 3.0.xseries.> >Relax the version check for OpenSSL 3+ and rely on ABI compatibility. > >Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> >--- > openbsd-compat/openssl-compat.c | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/openbsd-compat/openssl-compat.cb/openbsd-compat/openssl-compat.c>index c1749210d586f..5b35253f1d19b 100644 >--- a/openbsd-compat/openssl-compat.c >+++ b/openbsd-compat/openssl-compat.c >@@ -54,6 +54,10 @@ ssh_compatible_openssl(long headerver, long libver) > return (headerver & mask) == (libver & mask); > } > >+ /* For versions > 3.0.0, we rely on upstream's ABI */ >+ if (headerver > 0x3000000f) >+ return 1; >+Is this not already covered using the --without-openssl-header-check configuration option? --Randall
Seemingly Similar Threads
- [PATCH] compat: Relax version check with OpenSSL 3.0+
- Call for testing: OpenSSH 7.9
- [PATCH] openssl-compat: Test for OpenSSL_add_all_algorithms before using.
- [Bug 3548] New: Upgrading from openssl-3.0.8 to openssl-3.1.0 leads to version mismatch error
- Call for testing: OpenSSH 7.9