1
1
Fork 0

Bump minimum version requirement for OpenSSL

This updates the minimum version requirement for OpenSSL in the
documentation to 1.0.1 and also updates the practical minimum CMake
version.

Why pick 1.0.1 as the minimum? Main reason is whatever is still out
there with long term support contracts etc. One of the oldest I could
find is Ubuntu 14.04 which still has paid extended support and is on
1.0.1.

Another reason that 1.0.1 is probably a good minimum is a bit more
involved. 1.0.1 is the first version to add TLS 1.2. Large parts of the
internet have TLS 1.2 as a minimum requirement. This means that systems
with OpenSSL older than 1.0.1 already can't access large parts of the
internet anyway, so not supporting the latest libssh there either is ok
I think.

Bumping minimum support also means things like the HMAC API can be moved
to the more recent EVP style APIs and things can be more easily made
compatible with the deprecated APIs in OpenSSL 3.0.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Dirkjan Bussink 2020-12-16 12:23:23 +01:00 committed by Andreas Schneider
parent 919387ae64
commit e20fe54f3f
2 changed files with 2 additions and 10 deletions

View File

@ -7,8 +7,8 @@
In order to build libssh, you need to install several components:
- A C compiler
- [CMake](https://www.cmake.org) >= 2.6.0.
- [openssl](https://www.openssl.org) >= 0.9.8
- [CMake](https://www.cmake.org) >= 3.3.0
- [openssl](https://www.openssl.org) >= 1.0.1
or
- [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4
- [libz](https://www.zlib.net) >= 1.2

View File

@ -543,7 +543,6 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
int pki_key_generate_dss(ssh_key key, int parameter){
int rc;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
key->dsa = DSA_new();
if (key->dsa == NULL) {
return SSH_ERROR;
@ -560,13 +559,6 @@ int pki_key_generate_dss(ssh_key key, int parameter){
key->dsa = NULL;
return SSH_ERROR;
}
#else
key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
NULL, NULL);
if(key->dsa == NULL){
return SSH_ERROR;
}
#endif
rc = DSA_generate_key(key->dsa);
if (rc != 1){
DSA_free(key->dsa);