On Sat, Jul 2, 2016 at 2:02 PM, Kean Johnston <kean.johns...@gmail.com> wrote: > On 2016-07-01 5:22 PM, Yann Ylavic wrote: >> >> http://home.apache.org/~ylavic/patches/httpd-2.4.x-ab_sni.patch. > > This line worries me: > > +#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) > > That assumes that SSL_set_tlsext_host_name will always be implemented as a > macro by OpenSSL, which is not a safe assumption.
This is the same check as in httpd, and it's so not very critical I guess. > > Is SSL_CTRL_SET_TLSEXT_HOSTNAME not a more appropriate macro to check? Actually SSL_set_tlsext_host_name is defined in term of SSL_ctrl(.., SSL_CTRL_SET_TLSEXT_HOSTNAME, ...) so if/when they decide to make it a real function, they'll likely remove SSL_CTRL_SET_TLSEXT_HOSTNAME altogether, and we'll break too... Regards, Yann. > >
