[squid-dev] OpenSSL 1.1 regression
Alex Rousskov
rousskov at measurement-factory.com
Thu May 18 16:05:15 UTC 2017
On 05/18/2017 09:34 AM, Ingo Schwarze wrote:
> Alex Rousskov wrote on Thu, May 18, 2017 at 09:05:29AM -0600:
>> On 05/18/2017 05:12 AM, Christos Tsantilas wrote:
>>> Agrr... Using the openSSL version was the faster/easier way. Touching
>>> autoconf may result to 2-3 full squid rebuilds to implement/test similar
>>> fixes.
>> The alternative is to convince others that Squid will not support
>> OpenSSL API implementations that lie about their OpenSSL API version.
>> Judging by the time wasted on related discussions about API basics, I
>> suspect it would be cheaper, in the long term, to use feature tests.
> In general, using feature tests is also the cleaner and more
> reliable way of dealing with API variations.
Yes, of course. If we have to support same-API variations, then feature
tests are the right solution. I hope there is consensus around that!
Moreover, feature tests are often the right solution even when there are
no same-API variations and all features _can_ be reliably detected by
API version tests.
The difficult question is: Given scarce resources, which is better:
1. spending many hours on supporting OpenSSL API variations or
2. spending those hours on other pressing Squid issues?
I do not know the correct answer, but I know that
* it is a difficult question without an algorithmic solution;
* such questions often create expensive discussions
that often end without reaching consensus; and
* the Project lacks a mechanism to resolve consensus deadlocks.
Alex.
More information about the squid-dev
mailing list