[squid-dev] OpenSSL 1.1 regression

Alex Rousskov rousskov at measurement-factory.com
Thu May 18 16:48:15 UTC 2017


On 05/18/2017 10:23 AM, Christos Tsantilas wrote:
> On 18/05/2017 06:05 μμ, Alex Rousskov wrote:
>> I suspect it would be cheaper, in the long term, to use feature tests.

> However is not easy to always use this method. The OpenSSL-1.1.0 put
> many API changes trying to hide structure members from user and replace
> with API calls instead. Also has many API changes, I suppose to make API
> more consistent.
> 
> This is resulted to many changes and it will not be easy to check
> availability for each of the investigated functions and API changes.

Individual feature tests are not panacea. When dealing with a large
across-the-board change like the one you are describing above, it is
often better to have a single test and a single marker for all affected
functions:

#if OPENSSL_EXPOSES_MEMBERS
    ...old code here, possibly with other feature #if tests...
#else
    ...new code here, possibly with other feature #if tests...
#endif

Also, we probably should wrap all OpenSSL calls that are affected by
version variations. It is wrong to sprinkle regular code with numerous
#ifs. Yes, that probably means 20+ wrappers, but it is better than the
alternatives.

Alex.



More information about the squid-dev mailing list