[Interest] Qt 5.9 and OpenSSL 1.1?

Roland Hughes roland at logikalsolutions.com
Sat Sep 14 14:53:54 CEST 2019

On 9/14/19 5:00 AM, Thiago Macieira wrote:
> On Friday, 13 September 2019 00:12:44 PDT René J. V. Bertin wrote:
>>>> Ideally qt should be compatible for both. I understand this is not
>>>> doable ?
>>> It's not doable.
>> Technically it seems that it should be possible when loading the SSL
>> libraries at runtime, no?
> No. Loading the library is easy. Calling functions in it, with structures
> whose sizes (and names) differ between versions is not.
>>>> At least deliver binaries for both, please.
>>> That's one option we're studying, but that means you'll have to ask your
>>> user when they download.
>> What about LibreSSL, do they have the same inter-version compatibility
>> issues as OpenSSL has, and could you distribute a binary version in your
>> binary packages? If so, it could be worth the initial investment to start
>> supporting it?
> https://xkcd.com/927/

Thanks for the link Thiago. I really like the wind farm one on that page.

In the complete anarchy of OpenSource where 12 year old boys hacking in 
the fly (AGILE) all vying to be the "maintainer" of some package in some 
distro, no 2 versions of anything are _ever_ compatible. It's usually 
off by far more than tweaks. Generally the 12 year old boys (no matter 
how old the calendar says they are) declare "this code is sh*t, I'm 
going to rewrite it from scratch!" So much for maintaining!

In the good and virtuous proprietary world, where products are created 
and maintained by a single vendor looking to stay in business for 
hundreds of years, backward compatibility is paramount. At most you will 
have a few tweaks. VMS shell scripts (and many other things) ported from 
VAX (32-bit) to Alpha (64-bit) to Itanium (completely worthless 64-bit) 
and now to x86 with at most a couple of tweaks. The same is true for JCL 
and COBOL programs created in the 1970s on the IBM System-36. They 
ported to MVS and Z/OS with at most tiny tweaks. Some even claim they 
cleanly moved to OS/400.

Please keep in mind there is no version of SSL which is secure. All you 
are doing by using it is hanging a CLOSED sign on the unlocked door to a 
jewelry store having $20 million in inventory sitting in the cases 
without an alarm system.

Please also keep in mind the big systems are moving towards a TCP/IP 
software appliance within the OS. No application will be able to create 
or open a port. No application will be able to choose/define the 
transport layer security. They will open a logical-resource-handle 
provided by the OS and the systems manager will configure if that 
resource is I, O, or I/O as well as what the transport level protocols 
are. Eventually (within 5 years of adoption) this will be forced out 
into the IoT and lesser devices world as well.

Roland Hughes, President
Logikal Solutions


More information about the Interest mailing list