Hi,

On Mon, Jan 21, 2013 at 10:54:26AM +0100, Adriaan de Jong wrote:
> > Barring that, I'd suggest to add stuff to fail the build with older
> > PolarSSL versions and kill the PolarSSL < 1.2.3 code.  It would seem
> > from the changelogs that PolarSSL 1.2.N (with N highest available) does
> > away with certain design issues in earlier versions, so there is a
> > compelling reason to upgrade.
> 
> I agree that it's annoying, but I wouldn't remove support for an
> existing, still secure version of PolarSSL in a dot-release. We
> could mark 1.1 as deprecated, and remove it in 2.4? For the moment,
> recent versions of Debian (sid/wheezy) and Ubuntu (precise+) still
> contain 1.1, meaning that it's a nice service for them to keep
> support for a while.

I don't particularly care about distributions that ship old stuff - they
can always compile with OpenSSL if they do not want to upgrade Polar to
1.2 (not that Debian contains OpenVPN 2.3.x anyway).

I'm more concerned about maintainability of the OpenVPN code base, and
having more #ifdef in there is not the way forward.

> Unfortunately getting PolarSSL to work wasn't trivial due to some
> (necessary) PolarSSL changes. We're still working on getting support
> patches for a number of the new features ready. Adding these patches
> to 2.3 during the RC phase would have caused too large a disruption
> for an RC.

Understood, and appreciated.  OTOH, the changes are not *that* large,
if you get rid of the #ifdefs...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
