Hello, On Sun, Nov 24, 2019 at 6:20 PM Lukas Tribus <lu...@ltri.eu> wrote: > > Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER > instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL > 1.0.1 API, to avoid breaking LibreSSL every minute. We set > HA_OPENSSL_VERSION_NUMBER to 0x1000107fL if LibreSSL is detected and > only allow curves to be configured if HA_OPENSSL_VERSION_NUMBER is at > least 0x1000200fL. > > However all relevant LibreSSL releases actually support settings curves, > which is now broken. Fix this by always allowing curve configuration when > using LibreSSL. > > Reported on GitHub in issue #366. > > Fixes: 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead > of OPENSSL_VERSION_NUMBER").
Should be backported to 2.0. Lukas