Hello!
Am 16.11.2016 um 15:39 schrieb Willy Tarreau:
Same here. What is annoying is that every time it appears, it's protected
by a #if OPENSSL_VERSION_NUMBER >= 1.1.0 so that means that LibreSSL is
spoofing OpenSSL version numbers without providing compatibility. If so,
that will become quite painful to support.
Something like this (which is already in the code twice) should permit
the build:
#if (OPENSSL_VERSION_NUMBER >= ......... && !defined
LIBRESSL_VERSION_NUMBER)
It will be a mess, and it will unconditionally disable new features for
all LibreSSL releases, but I
don't see any other easy way out of this.
LibreSSL folks will insist on some autoconf testing of functions at
build time, which is not
something we can do in haproxy, so there will never be a good solution
to this.
My suggestion for users would be to use stick to OpenSSL, even if
LibreSSL is available.
Lukas
