Hi Willy

On 24 Jul 2018 at 18:59, Willy Tarreau <[email protected]> wrote:
Hi Manu,
On Mon, Jul 23, 2018 at 06:12:34PM +0200, Emmanuel Hocdet wrote:
Hi Willy,
This patch is necessary to build with current BoringSSL (SSL_SESSION is now opaque). BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs. The patch reverts part of haproxy 019f9b10 (openssl-compat.h). This will not break openssl/libressl compat.
OK, but the chunk here seems to contradict this assertion:
@@ -119,13 +114,6 @@ static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP * } #endif
-#endif - -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) -/* - * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL - */ - static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) { return ctx->default_passwd_callback;
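Review bot: Dropping the "#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)" line and the "#endif" before it moves SSL_CTX_get_default_passwd_cb(), which reads ctx->default_passwd_callback directly, under whatever guard precedes this hunk, and that guard is not visible here. Please confirm that the enclosing condition still covers LibreSSL and pre-1.1.0 OpenSSL and excludes any library where SSL_CTX is opaque, since the direct field access cannot compile there. The removed comment also recorded why this block exists; keeping an equivalent comment above the function at its new location would preserve that.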
I'm seeing that libressl will use a different code that is common with openssl while you seem to have targeted boringssl only. Maybe this part escaped from a larger patch that you used during development?
It's OK because this function is inserted higher up in the patch.
As said, it's only a revert from 019f9b10 patches for openssl-compat.h.

From:
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
To:
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
This patch is easier to read out of context:
0001-MINOR-ssl-BoringSSL-matches-OpenSSL-1.1.0.patch