On Fri, May 22, 2015 at 6:29 PM, Rainer Jung <[email protected]> wrote:
>
> 2) In modules/ssl/ssl_private.h I see
>
> /**
>  * The following features all depend on TLS extension support.
>  * Within this block, check again for features (not version numbers).
>  */
> #if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
>
> #define HAVE_TLSEXT

I guess this was (one of) the first TLS extension added to OpenSSL, hence OPENSSL_NO_TLSEXT was probably defined at the same time as SSL_set_tlsext_host_name. This code checks if extensions are not disabled (OPENSSL_NO_TLSEXT), but that's relevant only if they exist in OpenSSL (SSL_set_tlsext_host_name).

>
> Should we switch the code to:
>
> /**
>  * The following features all depend on TLS extension support.
>  * Within this block, check again for features (not version numbers).
>  */
> #if !defined(OPENSSL_NO_TLSEXT)

That would be true before OPENSSL_NO_TLSEXT existed...

Regards,
Yann.
