On Tue, Mar 20, 2018 at 6:03 AM, Christian Mauderer <christian.maude...@embedded-brains.de> wrote: > > Am 19.03.2018 um 09:26 schrieb Christian Mauderer: >> Am 16.03.2018 um 15:11 schrieb Gedare Bloom: >>> On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer >>> <christian.maude...@embedded-brains.de> wrote: >>>> Some applications (like the civetweb web server) still use functions >>>> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined, >>>> openssl will not provide these functions. This patch removes the define >>>> so that the functions are available. >>>> --- >>> >>> What are the negative consequences to this? I'm quite leery about >>> enabling deprecated features in a security library. >>> >>> What is the cost to fix civetweb instead? >>> >>> -Gedare >> >> Hello Gedare, >> >> there are still a lot of application that use the deprecated API. A >> quick search on github for one of the deprecated functions >> (ERR_remove_state) provided nearly 50000 results: >> https://github.com/search?l=C&q=+ERR_remove_state&type=Code&utf8=%E2%9C%93 >> >> Beneath that I just checked on my OpenSUSE machine and on a FreeBSD VM: >> They still provide this function. So I wouldn't see a problem with that. >> >> Best regards >> >> Christian > > Would you agree with the patch with the additional information from my > last mail that the deprecated API is still widely used? >
OK. >> >>> >>>> libbsd.py | 3 +-- >>>> libbsd_waf.py | 2 +- >>>> 2 files changed, 2 insertions(+), 3 deletions(-) >>>> >>>> diff --git a/libbsd.py b/libbsd.py >>>> index f70b4ead..233c06cd 100644 >>>> --- a/libbsd.py >>>> +++ b/libbsd.py >>>> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm): >>>> 'crypto/openssl/crypto/cversion.c', >>>> 'crypto/openssl/crypto/o_str.c', >>>> ], >>>> - mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1', >>>> - '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1', >>>> + mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1', >>>> '-DOPENSSL_NO_GMP=1', >>>> '-DOPENSSL_NO_JPAKE=1', >>>> '-DOPENSSL_NO_LIBUNBOUND=1', >>>> diff --git a/libbsd_waf.py b/libbsd_waf.py >>>> index 7782bccb..745512bf 100644 >>>> --- a/libbsd_waf.py >>>> +++ b/libbsd_waf.py >>>> @@ -1317,7 +1317,7 @@ def build(bld): >>>> features = "c", >>>> cflags = cflags, >>>> includes = ['freebsd/crypto', 'freebsd/crypto/openssl', >>>> 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', >>>> 'freebsd/crypto/openssl/crypto/evp', >>>> 'freebsd/crypto/openssl/crypto/modes'] + includes, >>>> - defines = defines + ['NO_WINDOWS_BRAINDEATH=1', >>>> 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', >>>> 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', >>>> 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', >>>> 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', >>>> 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', >>>> 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'], >>>> + defines = defines + ['NO_WINDOWS_BRAINDEATH=1', >>>> 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', >>>> 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', >>>> 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', >>>> 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', >>>> 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', >>>> 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'], >>>> source = objs04_source) >>>> libbsd_use += ["objs04"] >>>> >>>> -- >>>> 2.13.6 >>>> >>>> _______________________________________________ >>>> devel mailing list >>>> devel@rtems.org >>>> http://lists.rtems.org/mailman/listinfo/devel >> > > -- > -------------------------------------------- > embedded brains GmbH > Herr Christian Mauderer > Dornierstr. 4 > D-82178 Puchheim > Germany > email: christian.maude...@embedded-brains.de > Phone: +49-89-18 94 741 - 18 > Fax: +49-89-18 94 741 - 08 > PGP: Public key available on request. > > Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG. _______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
