Hi Willy, Emeric, list! Two OpenSSL forks recently appeared, OpenBSD's LibreSSL and Google's boringssl.
Both projects are very interesting (for early adopters). While HAProxy builds fine against LibreSSL (2.0.5), it needs some adjustments to build against boringssl. The following patchset fixes those issues with some ifdef'ing, technical details are in the individual commit message. I decided to fix one problem per commit, instead of 4 problems in one commit, as it easier to review, understand and revert (some of those workarounds may not be needed forever, for example the one regarding OCSP). I think it would be a good thing to get this into the development tree, so that people can start playing with it. cheers, Lukas Lukas Tribus (4): BUILD: ssl: handle boringssl in openssl version detection BUILD: ssl: disable OCSP when using boringssl BUILD: ssl: don't call get_rfc2409_prime when using boringssl MINOR: ssl: don't use boringssl's cipher_list include/proto/ssl_sock.h | 2 +- src/dumpstats.c | 2 +- src/haproxy.c | 7 ++++++- src/ssl_sock.c | 36 ++++++++++++++++++++++-------------- 4 files changed, 30 insertions(+), 17 deletions(-) -- 1.9.1
