Am 19.03.2018 um 09:26 schrieb Christian Mauderer: > Am 16.03.2018 um 15:11 schrieb Gedare Bloom: >> On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer >> <christian.maude...@embedded-brains.de> wrote: >>> Some applications (like the civetweb web server) still use functions >>> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined, >>> openssl will not provide these functions. This patch removes the define >>> so that the functions are available. >>> --- >> >> What are the negative consequences to this? I'm quite leery about >> enabling deprecated features in a security library. >> >> What is the cost to fix civetweb instead? >> >> -Gedare > > Hello Gedare, > > there are still a lot of application that use the deprecated API. A > quick search on github for one of the deprecated functions > (ERR_remove_state) provided nearly 50000 results: > https://github.com/search?l=C&q=+ERR_remove_state&type=Code&utf8=%E2%9C%93 > > Beneath that I just checked on my OpenSUSE machine and on a FreeBSD VM: > They still provide this function. So I wouldn't see a problem with that. > > Best regards > > Christian
Would you agree with the patch with the additional information from my last mail that the deprecated API is still widely used? > >> >>> libbsd.py | 3 +-- >>> libbsd_waf.py | 2 +- >>> 2 files changed, 2 insertions(+), 3 deletions(-) >>> >>> diff --git a/libbsd.py b/libbsd.py >>> index f70b4ead..233c06cd 100644 >>> --- a/libbsd.py >>> +++ b/libbsd.py >>> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm): >>> 'crypto/openssl/crypto/cversion.c', >>> 'crypto/openssl/crypto/o_str.c', >>> ], >>> - mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1', >>> - '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1', >>> + mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1', >>> '-DOPENSSL_NO_GMP=1', >>> '-DOPENSSL_NO_JPAKE=1', >>> '-DOPENSSL_NO_LIBUNBOUND=1', >>> diff --git a/libbsd_waf.py b/libbsd_waf.py >>> index 7782bccb..745512bf 100644 >>> --- a/libbsd_waf.py >>> +++ b/libbsd_waf.py >>> @@ -1317,7 +1317,7 @@ def build(bld): >>> features = "c", >>> cflags = cflags, >>> includes = ['freebsd/crypto', 'freebsd/crypto/openssl', >>> 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', >>> 'freebsd/crypto/openssl/crypto/evp', 'freebsd/crypto/openssl/crypto/modes'] >>> + includes, >>> - defines = defines + ['NO_WINDOWS_BRAINDEATH=1', >>> 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', >>> 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', >>> 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', >>> 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', >>> 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', >>> 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'], >>> + defines = defines + ['NO_WINDOWS_BRAINDEATH=1', >>> 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', >>> 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', >>> 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', >>> 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', >>> 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', >>> 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'], >>> source = objs04_source) >>> libbsd_use += ["objs04"] >>> >>> -- >>> 2.13.6 >>> >>> _______________________________________________ >>> devel mailing list >>> devel@rtems.org >>> http://lists.rtems.org/mailman/listinfo/devel > -- -------------------------------------------- embedded brains GmbH Herr Christian Mauderer Dornierstr. 4 D-82178 Puchheim Germany email: christian.maude...@embedded-brains.de Phone: +49-89-18 94 741 - 18 Fax: +49-89-18 94 741 - 08 PGP: Public key available on request. Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG. _______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
