On Thu, Aug 3, 2017 at 9:25 AM, Ruediger Pluem <rpl...@apache.org> wrote:
>
> On 07/30/2017 01:05 AM, yla...@apache.org wrote:
>>
>> Modified: httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c?rev=1803396&r1=1803395&r2=1803396&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_ct_sct.c Sat Jul 29 23:05:02 2017
>> @@ -32,7 +32,7 @@ static apr_status_t verify_signature(sct
>>          return APR_EINVAL;
>>      }
>>
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>
> Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here?
>
>>      ctx = EVP_MD_CTX_create();
>>  #else
>>      ctx = EVP_MD_CTX_new();
>> @@ -41,7 +41,7 @@ static apr_status_t verify_signature(sct
>>      ap_assert(1 == EVP_VerifyUpdate(ctx, sctf->signed_data,
>>                                      sctf->signed_data_len));
>>      rc = EVP_VerifyFinal(ctx, sctf->sig, sctf->siglen, pkey);
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>
> Why not using MODSSL_USE_OPENSSL_PRE_1_1_API here?

#including "ssl_private.h" in "ssl_ct_sct.c" doesn't work; the former
defines MODSSL_USE_OPENSSL_PRE_1_1 but also APLOG_USE_MODULE(ssl), the
latter has AP_DECLARE_MODULE(ssl_ct).

There are surely ways to address this, but I don't know how for now...


Regards,
Yann.

Reply via email to