Hi Manu,
On Mon, Jul 23, 2018 at 06:12:34PM +0200, Emmanuel Hocdet wrote:
> Hi Willy,
>
> This patch is necessary to build with current BoringSSL (SSL_SESSION is now
> opaque).
> BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs.
> The patch revert part of haproxy 019f9b10 (openssl-compat.h).
> This will not break openssl/libressl compat.
OK, but the chunk here seems to contradict this assertion :
@@ -119,13 +114,6 @@ static inline const OCSP_CERTID
*OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *
}
#endif
-#endif
-
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
-/*
- * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
- */
-
static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
{
return ctx->default_passwd_callback;
I'm seeing that libressl will use a different code that is common
with openssl while you seem to have targetted boringssl only. Maybe
this part escaped from a larger patch that you used during development ?
Thanks,
Willy
