> Le 19 juil. 2017 à 14:54, Willy Tarreau <[email protected]> a écrit : > > Hi guys, > > On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote: >> Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should >> be able to compile with this version. > > OK so I checked and this patch is OK with 0.9.8zh, 1.0.0t, 1.0.1u and 1.0.2k, > so I merged it. >
Thanks! > However Manu, the following patch broke 0.9.8 and 1.0.0 : > > commit 0594211987351eaf521577b798a3a461b043710c > Author: Emmanuel Hocdet <[email protected]> > Date: Mon Feb 20 16:11:50 2017 +0100 > > MEDIUM: boringssl: support native multi-cert selection without bundling > > This patch used boringssl's callback to analyse CLientHello before any > handshake to extract key signature capabilities. > Certificat with better signature (ECDSA before RSA) is choosed > transparenty, if client can support it. RSA and ECDSA certificates can > be declare in a row (without order). This makes it possible to set > different ssl and filter parameter with crt-list. > > src/ssl_sock.c: In function 'ssl_sock_load_cert_chain_file': > src/ssl_sock.c:3038:20: error: 'TLSEXT_signature_anonymous' undeclared (first > use in this function) > src/ssl_sock.c:3038:20: note: each undeclared identifier is reported only > once for each function it appears in > src/ssl_sock.c:3063:14: error: 'TLSEXT_signature_rsa' undeclared (first use > in this function) > src/ssl_sock.c:3066:14: error: 'TLSEXT_signature_ecdsa' undeclared (first use > in this function) > /g/public/linux/master/x86_64-gcc47_glibc218-linux-gnu-gcc -Iinclude -Iebtree > -Wall -pg -O0 -g -fno-strict-aliasing -Wdeclaration-after-statemen > > I think this is minor considering that you added an argument, probably > you can simply "#ifndef x /#define x 0" on it. Could you please have a > look ? > Of course! It’s not a big problem, i will simply drop this information because is not used in this context. ++ Manu
