On 2. 1. 26 14:04, Daniel Sahlberg wrote:
Den tors 1 jan. 2026 kl 18:33 skrev<[email protected]>:
Author: brane
Date: Thu Jan 1 17:33:48 2026
New Revision: 1931046
...
Use OSSL_STORE_open() instead of the _ex() variant because we don't
use any of the extended parameters.
...
#if defined(SERF_HAVE_OSSL_STORE_OPEN_EX)
...
- store = OSSL_STORE_open_ex(cert_uri, NULL, NULL, ui_method, ctx,
NULL,
- NULL, NULL);
+ store = OSSL_STORE_open(cert_uri, ui_method, ctx, NULL, NULL);
Does it make sense to also re-name the define (and obviously also change
the feature detection in SConstruct/CMakeList.txt)? As far as I can tell,
the other functions that are used protected by this #ifdef should be
available whenever OSSL_STORE_open is available.
If OSSL_STORE_open_ex() is available, then OSSL_STORE_open() is, as
well, as well as the related structures. I looked at changing the check,
but I think that at most we could change the symbol name.
In practice this means we would support the OSSL_STORE functions even with
OpenSSL 1.1 (OSSL_STORE_open_ex appeared in 3.0). On the other hand, nobody
should be using such an old version anyway...
We could just use the OPENSSL_VERSION_PREREQ() macro. I think it's
better to restrict the use of this feature to OpenSSL 3+, so looking for
OSSL_STORE_open_ex() even if we don't use it is OK.
-- Brane
