On Sat, Jan 26, 2008 at 03:15:18PM +0100, Stefan Fritsch wrote: > Hi Kurt, > > On Saturday 26 January 2008, Kurt Roeckx wrote: > > The problem with that option (and others) is that it changes struct > > layouts, which means ABI changes. I'm afraid I can't do such a > > change without changing the soname. It seems that only the end of > > struct's are changed so we might get away with it for some cases, > > but someone will need to take a good look before doing that. > > IMNSHO we want this for lenny, even if it needs a soname change.
If we're going to do that, I think we need to clear this with the release team in any case. I'm not really in favour of doing any change that requires us to rebuild everything against a new openssl version. The last migration started with the upload of 0.9.8-1 which was uploaded on 2005-09-29, the latest package depending on 0.9.7 was removed from testing on 2008-01-05. I think the release team would like to see atleast 2 source packages again for such a migration. Anyway, looking at the structs that changed, we have those structs: SSL_SESSION / struct ssl_session_st SSL_CTX / struct ssl_ctx_st SSL / struct ssl_st / ssl_crock_st They all add new members at the end of the struct. They all have functions to allocate/free them: SSL_SESSION_new / SSL_SESSION_free SSL_CTX_new / SSL_CTX_free SSL_new / SSL_free Those structs are always passed as pointers. I think that it should be safe to turn on this feature without breaking something. Kurt
