Optware / Optware-ng


openssl 1.0.2h => 1.0.2n (security update on the LTS branch) #263

Closed robocoder closed 6 years ago

robocoder commented 6 years ago

A cursory inspection of the diff between OpenSSL_1_0_2h and OpenSSL_1_0_2n doesn't show any BC issues WRT the API.

alllexx88 commented 6 years ago

A cursory inspection of the diff between OpenSSL_1_0_2h and OpenSSL_1_0_2n doesn't show any BC issues WRT the API.

How did you check that? Did you diff the source code, or skim through the changelog? Thanks.

robocoder commented 6 years ago

I skimmed the changelog for CVEs and the diff between the two tags to see what else had changed.

Both tags are from the LTS OpenSSL_1_0_2-stable branch, so it would have been a pretty safe assumption that there was backward compatibility. Such would not have been the case if moving from 1.0.1x => 1.0.2x, 1.0.2x => 1.1.0x, or switching to libressl/boringssl (which were forked from openssl 1.0.1x and have since diverged).
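A mechanical complement to skimming the changelog and diff, added here as an example and not code from the Optware-ng project or from either commenter: dump the exported symbols of the old and new shared library builds and report any export the new build no longer provides. Nothing catches a changed struct layout or default, but a dropped export is exactly what breaks a package linked against the old library at load time. The `demo` fixture below uses constructed symbol lists, not real nm output from either tag; `dump_exports` assumes the target has binutils `nm`.

```shell
#!/bin/sh
# Added example (not Optware-ng code): detect exported symbols dropped between
# two builds of a shared library, e.g. libssl.so from 1.0.2h and 1.0.2n.

# Print the sorted, unique names of defined global symbols exported by a
# shared object. Column 2 of `nm -D --defined-only` is the symbol type; we keep
# code (T/W/i), data (D/B/R) and versioned (V) globals, which is what a
# dynamically linked package resolves against.
dump_exports() {
    nm -D --defined-only "$1" | awk '$2 ~ /^[TWiDBRV]$/ { print $3 }' | sort -u
}

# removed_exports OLD NEW
# OLD and NEW hold one symbol name per line (as produced by dump_exports).
# Prints symbols present in OLD but absent from NEW; returns 1 if any were
# removed, 0 if the new build still exports everything the old one did.
removed_exports() {
    _old=$(mktemp) || return 2
    _new=$(mktemp) || return 2
    sort -u "$1" > "$_old"
    sort -u "$2" > "$_new"
    # comm -23: lines only in the first (old) file, i.e. exports that vanished
    _gone=$(comm -23 "$_old" "$_new")
    rm -f "$_old" "$_new"
    [ -z "$_gone" ] && return 0
    printf '%s\n' "$_gone"
    return 1
}

# demo: constructed symbol lists standing in for two library builds (these
# names are a fabricated fixture, not a statement about what any OpenSSL
# release actually exports). Returns the exit status of removed_exports.
demo() {
    _d=$(mktemp -d) || return 2
    printf 'SSL_CTX_new\nSSL_new\nOLD_only_helper\n' > "$_d/old.txt"
    printf 'SSL_CTX_new\nSSL_new\nNEW_only_helper\n' > "$_d/new.txt"
    removed_exports "$_d/old.txt" "$_d/new.txt"
    _rc=$?
    rm -rf "$_d"
    return $_rc
}

# Real-world usage (not run here):
#   dump_exports /opt/lib/libssl.so.1.0.0   > old.txt   # before the upgrade
#   dump_exports /tmp/new/lib/libssl.so.1.0.0 > new.txt # freshly built
#   removed_exports old.txt new.txt || echo "rebuild dependents"
```

Run `removed_exports` for libssl and libcrypto separately, since packages link against either or both, and read the SONAME too (`readelf -d libssl.so.1.0.0 | grep SONAME`): a SONAME bump means every dependent must be rebuilt regardless of what the symbol diff says.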

robocoder commented 6 years ago

FYI Reference:

alllexx88 commented 6 years ago

Thank you for looking into this.

Both tags are from the LTS OpenSSL_1_0_2-stable branch, so it would have been a pretty safe assumption that there was backward compatibility.

If I remember correctly, 1.0.2h isn't backward compatible with 1.0.2g, and I had to rebuild all packages linked with openssl after upgrading.

I will be merging this now.

robocoder commented 6 years ago

Yeah, that was a clusterf*ck. 1.0.2h changed the default build options (e.g., SSLv2 was disabled).