Hi Christopher, On Mon, Oct 19, 2015 at 03:05:05PM +0200, Christopher Faulet wrote: > Damned! I generated a huge amount of disturbances with my paches! Really > sorry for that.
Shit happens sometimes. I had my hours of fame with option http-send-name-header merged in 1.4-stable years ago, and that was so badly designed that it still managed to cause a lot of trouble during 1.6-dev. > Add a #ifdef to check the OpenSSL version seems to be a good fix. I > don't know if there is a workaround to do the same than > EVP_PKEY_get_default_digest_nid() for old OpenSSL versions. I was unsure how the code was supposed to work given that two blocks were replaced by two others and I was unsure whether there was a dependence. So as long as we can fall back to the pre-patch behaviour I'm perfectly fine. > This function is used to get default signature digest associated to the > private key used to sign generated X509 certificates. It is called when > the private key differs than EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. > It should be enough for most of cases (maybe all cases ?). OK great. > By the way, I attached a patch to fix the bug. Thank you. Marcus, can you confirm that it's OK for you with this fix so that I can merge it ? Thanks! Willy