On Wed, May 08, 2019 at 01:13:56PM +0500, ???? ??????? wrote:
> > libressl ? My understanding of this thing is that this problem is not
> > easy to detect by accident and causes a mess for people who reload often.
> > If libressl is affected by this we probably need to find a different
> > fix. And if it's not affected, at least the tested version(s) must be
> > mentioned in the commit message so that we can reconsider or refine this
> > choice later if/when the problem appears with a subsequent version.
> > CCing William and Emeric who worked on addressing this issue for OpenSSL.
> >
> I planned to have a look at it actually. The idea is to write some reg test
> which will reload and watch for open FDs.
> not sure whether it is easy or not

But before writing reg tests, it's important not to revert part of a patch
without knowing if it brings the issue back. Otherwise you end up with a
patch merged into a branch, making users believe their bug is fixed since
the patch is there, while in fact it was later silently reverted as a
"build fix".

> the idea behind quick patch is "if you use LibreSSL you are on your own and
> you have been warned"
> (yes, we did our best to make it work with LibreSSL, but it is still a
> niche solution, not very well tested)

Some of the users here do rely on it. However, seeing that you had to
turn off this test makes me think that LibreSSL pretends to be openssl
1.1.1 but is not compatible with it. I suspect that instead the OpenSSL
test version is wrong in the original patch. It seems to be testing for
1.1.1-dev instead of testing for 1.1.1-release. So probably that this
RAND_* function appears late in the development process and that libressl
only complies with an early 1.1.1-dev version.

Surprisingly I'm seeing that *all* of our tests for 1.1.1 are wrong. I
suspect that one was either wrong or deliberate initially and that it
got copy-pasted everywhere :-(

Ilya, could you please instead change the test like this and test again :

-#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x1010100fL)


Reply via email to