ср, 8 мая 2019 г. в 14:50, Willy Tarreau <w...@1wt.eu>:

> On Wed, May 08, 2019 at 02:06:31PM +0500, ???? ??????? wrote:
> > > Ilya, could you please instead change the test like this and test
> again :
> > >
> > > -#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L)
> > > +#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
> > >
> >
> > LibreSSL defines is
> >
> > #define OPENSSL_VERSION_NUMBER    0x20000000L
> >
> > it is bigger then any released OpenSSL (yet, for openssl master it is
> 3.0.0)
>
> So this behaviour from them make them complete bastards and will
> constantly break each and every program trying to build with it :-(
>
> This stupidity really makes me want to completely remove support for
> libressl.
>


I guess the same would be with BoringSSL. It exposes OPENSSL_VERSION_NUMBER
and it is not openssl itself.

yes, we can add warning.


>
> I don't know when they forked nor what is the latest version they are
> *really* compatible with, but what we should probably do is to change
> their marketing version to a real version in the compat.h file to do
> something like this :
>
> #if defined(LIBRESSL_VERSION_NUMBER)
> #undef OPENSSL_VERSION_NUMBER
> #define OPENSSL_VERSION_NUMBER 0x10something
> #endif
>
> This way we won't have to guard ourselves against these lies each and
> every time we add something to deal with some openssl-specific issues
> or features. Ideas welcome, of course. If for any reason we can't do
> something like the above, we should at least add a big fat warning when
> building with it to explicitly mention that it uses fake version numbers
> overlapping with openssl versions and may trigger API incompatibility
> issues that might result in runtime problems, so that users are warned.
>
> Willy
>

Reply via email to