ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

Bump minimum version requirement for OpenSSL

Просмотр исходного кода 
This updates the minimum version requirement for OpenSSL in the
documentation to 1.0.1 and also updates the practical minimum CMake
version.

Why pick 1.0.1 as the minimum? Main reason is whatever is still out
there with long term support contracts etc. One of the oldest I could
find is Ubuntu 14.04 which still has paid extended support and is on
1.0.1.

Another reason that 1.0.1 is probably a good minimum is a bit more
involved. 1.0.1 is the first version to add TLS 1.2. Large parts of the
internet have TLS 1.2 as a minimum requirement. This means that systems
with OpenSSL older than 1.0.1 already can't access large parts of the
internet anyway, so not supporting the latest libssh there either is ok
I think.

Bumping minimum support also means things like the HMAC API can be moved
to the more recent EVP style APIs and things can be more easily made
compatible with the deprecated APIs in OpenSSL 3.0.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Dirkjan Bussink 2020-12-16 12:23:23 +01:00 коммит произвёл Andreas Schneider
родитель 919387ae64
Коммит e20fe54f3f
2 изменённых файлов: 2 добавлений и 10 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
INSTALL
Просмотреть файл

@ -7,8 +7,8 @@
In order to build libssh, you need to install several components: In order to build libssh, you need to install several components:
- A C compiler - A C compiler
- [CMake](https://www.cmake.org) >= 2.6.0. - [CMake](https://www.cmake.org) >= 3.3.0
- [openssl](https://www.openssl.org) >= 0.9.8 - [openssl](https://www.openssl.org) >= 1.0.1
or or
- [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4 - [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4
- [libz](https://www.zlib.net) >= 1.2 - [libz](https://www.zlib.net) >= 1.2

8
src/pki_crypto.c
Просмотреть файл

@ -543,7 +543,6 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
int pki_key_generate_dss(ssh_key key, int parameter){ int pki_key_generate_dss(ssh_key key, int parameter){
int rc; int rc;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
key->dsa = DSA_new(); key->dsa = DSA_new();
if (key->dsa == NULL) { if (key->dsa == NULL) {
return SSH_ERROR; return SSH_ERROR;
@ -560,13 +559,6 @@ int pki_key_generate_dss(ssh_key key, int parameter){
key->dsa = NULL; key->dsa = NULL;
return SSH_ERROR; return SSH_ERROR;
} }
#else
key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
NULL, NULL);
if(key->dsa == NULL){
return SSH_ERROR;
}
#endif
rc = DSA_generate_key(key->dsa); rc = DSA_generate_key(key->dsa);
if (rc != 1){ if (rc != 1){
DSA_free(key->dsa); DSA_free(key->dsa);