Barry writes:
> The biggest frustration is openssl 3. Once again there are
backwards-
incompatible API changes, with little if none documentation, or direction. I
wasted half of my weekend trying to figure out WTF needs to be done to make
stuff work again. This time, it's not even a compilation issue. Things will
compile. Just not work. Frustrating.
I have not needed to port to openssl 3 yet myself but I am sure I found
detailed docs on the openssl site about how to port to 3 from 1.1.
If you have not looked there it is worthy searching for that resource.
I found something to that effect, and it was only partially helpful, and
full of dead-ends. Here's an example. If the code was using EVP_des_cbc()
it'll still comple, but fail at run time. The migration guide talks up a
storm about replacement functions, that take a bunch of additional
parameters. Trying to use them will produce the same result.
Reading between the lines, and putting together clues from different places
you'll eventually figure out that you'll need to shove
OSSL_PROVIDER_load(NULL, "legacy");
as the first order of business in your main(). At this point, if the code
was also using more high level APIs, they'll all break. Until you figure out
that you also have to add
OSSL_PROVIDER_load(NULL, "default");
as well. Now everything works. And, you'll discover that the original
EVP_des_cbc() now miraculously come alive, and the replacement API didn't
buy you anything.
I don't even remember exactly how I figured out how to replace
PEM_read_bio_DHparams with a combination of
OSSL_LIB_CTX_get0_global_default(), PEM_read_bio_Parameters_ex(), and a
handful of assorted EVP_PKEY*-based logic. I don't recall finding that in a
single migration guide, but rather a bunch of Google searches.
Contrast and compare with the autotools updates, which were just as
disruptive. But they didn't require a migration guide. autoupdate threw
back at me a laundry list of obsoleted function and exactly what to do about
them, and there were more breadcrumbs in the rewritten configure.ac-s.