From: Kazuki Yamaguchi Date: 2016-12-18T01:18:57+09:00 Subject: [ruby-core:78711] Re: [Ruby trunk Feature#12324] Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7) On Sat, Dec 17, 2016 at 09:09:49AM +0000, Eric Wong wrote: > Kazuki Yamaguchi wrote: > > On Sat, Dec 17, 2016 at 01:31:12AM +0000, Eric Wong wrote: > > > k@rhe.jp wrote: > > > > Feature #12324: Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7) > > > > https://bugs.ruby-lang.org/issues/12324 > > > > > > > rhe: did you commit all of these? > > > > > > I notice SSL_CTX_clear_options is still missing on an ancient > > > CentOS 5.x machine with 0.9.8e. Thanks. > > > > I dropped that patch. I found the OpenSSL 0.9.8e package in RHEL/CentOS > > 5 has backported SSL_CTX_clear_options() as part of CVE-2009-3555 fix, > > and no one except them would use < 0.9.8m anymore. > > Thanks for the response. I'll work with my sysadmins and see > if they're willing to upgrade OpenSSL; but they may not :< > > If they are not, would you be willing to add > SSL_CTX_clear_options? I could carry the patch myself, but > maybe there are other ancient places who don't patch :< I'm fine with adding if it helps. I don't want to imagine such systems with 6 years unpatched OpenSSL, though. I've added to the GitHub repository now: https://github.com/ruby/openssl/commit/fd2ea0c41d55f3d0b34edb1d25c673bc004f6913 Will import to trunk in a few days together with a few more minor bug fixes. Unsubscribe: