Hi Cyril,

This patch should fix the build issue

Attachment: 0001-BUILD-ssl-fix-SSL_OP_NO_SSLv3-with-LibreSSL-2.3.0.patch


Can you check if it’s your case?

Manu

On 22 May 2017 at 12:08, Emmanuel Hocdet <[email protected]> wrote:

Hi Cyril,

On 18 May 2017 at 23:02, Cyril Bonté <[email protected]> wrote:

Hi all,

On 12/05/2017 at 15:13, Willy Tarreau wrote:
Hi guys,

On Tue, May 09, 2017 at 11:21:36AM +0200, Emeric Brun wrote:
It seems to do what we want, so we can merge it.

So the good news is that this patch set now got merged :-)

Commit 5db33cbdc4 [1] seems to have broken the compilation when OPENSSL_NO_SSL3 is defined: SSLv3_server_method() and SSLv3_client_method() won't exist in this case.
Previously there was a condition to verify this, which has disappeared with this patch set.


There is something wrong with that. What is going on if haproxy is built with OPENSSL_NO_SSL3 and the library supports SSLv3?
If the library does not support SSLv3, haproxy should compile and disable SSLv3 natively, without this compilation flag.

I looked at the current LibreSSL include and SSL_OP_NO_SSLv3 is correctly set to 0 => haproxy will build natively without SSLv3.
What is the value of SSL_OP_NO_SSLv3 in our ssl library?

Perhaps it could be fixed in openssl-compat.h.
#if LIBRESSL_VERSION_NUMBER >= X
#undef SSL_OP_NO_SSLv3
#define SSL_OP_NO_SSLv3 0
#endif


Thanks for your time and efforts back-and-forth on this one!
Willy


[1] http://www.haproxy.org/git?p=haproxy.git;a=commit;h=5db33cbdc4f2952cbd3c140edce0eda84e1447b4

-- 
Cyril Bonté
