On 19 Jul 2017, at 15:37, Emmanuel Hocdet <[email protected]> wrote:


On 19 Jul 2017, at 14:54, Willy Tarreau <[email protected]> wrote:

Hi guys,

On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote:
Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should
be able to compile with this version.

OK so I checked and this patch is OK with 0.9.8zh, 1.0.0t, 1.0.1u and 1.0.2k,
so I merged it.


Thanks!

However Manu, the following patch broke 0.9.8 and 1.0.0:


commit 0594211987351eaf521577b798a3a461b043710c
Author: Emmanuel Hocdet <[email protected]>
Date:   Mon Feb 20 16:11:50 2017 +0100

  MEDIUM: boringssl: support native multi-cert selection without bundling

  This patch used boringssl's callback to analyse ClientHello before any
  handshake to extract key signature capabilities.
  Certificate with better signature (ECDSA before RSA) is chosen
  transparently, if client can support it. RSA and ECDSA certificates can
  be declared in a row (without order). This makes it possible to set
  different ssl and filter parameter with crt-list.

src/ssl_sock.c: In function 'ssl_sock_load_cert_chain_file':
src/ssl_sock.c:3038:20: error: 'TLSEXT_signature_anonymous' undeclared (first use in this function)
src/ssl_sock.c:3038:20: note: each undeclared identifier is reported only once for each function it appears in
src/ssl_sock.c:3063:14: error: 'TLSEXT_signature_rsa' undeclared (first use in this function)
src/ssl_sock.c:3066:14: error: 'TLSEXT_signature_ecdsa' undeclared (first use in this function)
/g/public/linux/master/x86_64-gcc47_glibc218-linux-gnu-gcc -Iinclude -Iebtree -Wall -pg -O0 -g -fno-strict-aliasing -Wdeclaration-after-statemen

I think this is minor considering that you added an argument, probably
you can simply "#ifndef x /#define x 0" on it. Could you please have a
look?


Of course!
It’s not a big problem, I will simply drop this information because it is not used in this context.

… or set missing define:

Attachment: 0001-BUILD-ssl-fix-compatibility-with-openssl-without-TLS.patch
Description: Binary data


++
Manu
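
The fallback-define approach discussed in this message, as an added example: it is not the attached patch (whose content is not shown here) and not HAProxy code. The macro values are the RFC 5246 SignatureAlgorithm codes; `pick_cert_sig` and the sample byte strings are hypothetical and constructed, showing an "ECDSA before RSA" choice made from a client's signature_algorithms extension.

```c
#include <stddef.h>
#include <stdint.h>

/* Fallbacks for OpenSSL headers without these macros. Values are the RFC 5246
 * SignatureAlgorithm codes; a real build includes <openssl/tls1.h> first. */
#ifndef TLSEXT_signature_anonymous
#define TLSEXT_signature_anonymous 0
#endif
#ifndef TLSEXT_signature_rsa
#define TLSEXT_signature_rsa 1
#endif
#ifndef TLSEXT_signature_ecdsa
#define TLSEXT_signature_ecdsa 3
#endif

/* Hypothetical helper. ext is the body of a signature_algorithms extension:
 * a 2-byte list length, then {hash, signature} byte pairs. Returns the
 * signature type to serve (ECDSA before RSA), TLSEXT_signature_anonymous when
 * the client offers neither (this example's choice), or -1 if malformed. */
int pick_cert_sig(const uint8_t *ext, size_t len)
{
    size_t list_len, i;
    int has_rsa = 0, has_ecdsa = 0;
    if (ext == NULL || len < 4)
        return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    /* the list must fill the extension exactly and hold whole pairs */
    if (list_len != len - 2 || (list_len & 1))
        return -1;
    for (i = 2; i + 1 < len; i += 2) {
        if (ext[i + 1] == TLSEXT_signature_ecdsa)
            has_ecdsa = 1;
        else if (ext[i + 1] == TLSEXT_signature_rsa)
            has_rsa = 1;
    }
    if (has_ecdsa)
        return TLSEXT_signature_ecdsa;
    return has_rsa ? TLSEXT_signature_rsa : TLSEXT_signature_anonymous;
}

/* Constructed sample extension bodies (not captured traffic). */
const uint8_t sample_both[] = { 0x00, 0x04, 0x04, 0x01, 0x04, 0x03 };
const uint8_t sample_rsa[] = { 0x00, 0x02, 0x04, 0x01 };
const uint8_t sample_short[] = { 0x00, 0x04, 0x04, 0x01 }; /* claims 4, has 2 */

int main(void)
{
    return pick_cert_sig(sample_both, sizeof sample_both) != TLSEXT_signature_ecdsa;
}
```

The length check rejects an extension whose declared list size disagrees with the bytes actually present, so a truncated ClientHello cannot cause a read past the buffer.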
