Hello,

On Sun, Nov 24, 2019 at 6:20 PM Lukas Tribus <lu...@ltri.eu> wrote:
>
> Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER
> instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL
> 1.0.1 API, to avoid breaking LibreSSL every minute. We set
> HA_OPENSSL_VERSION_NUMBER to 0x1000107fL if LibreSSL is detected and
> only allow curves to be configured if HA_OPENSSL_VERSION_NUMBER is at
> least 0x1000200fL.
>
> However all relevant LibreSSL releases actually support settings curves,
> which is now broken. Fix this by always allowing curve configuration when
> using LibreSSL.
>
> Reported on GitHub in issue #366.
>
> Fixes: 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead
> of OPENSSL_VERSION_NUMBER").

Should be backported to 2.0.


Lukas

Reply via email to