Hello, On Mon, 16 Dec 2019 at 20:53, Rosen Penev <[email protected]> wrote: > > Any reason why would not just #ifndef X509_getm_notBefore, testing for > > what we actually want instead of those backbreaking version > > assumptions? > X509_getm_notBefore is a function, not a define.
A function which needs to be defined somewhere: https://github.com/openssl/openssl/blob/25d7cd1d69e5d5df9c9f346922a48797baca03b7/include/openssl/x509.h#L658 We do exactly the same with X509_get_X509_PUBKEY: https://github.com/haproxy/haproxy/blob/e9a100e982cd1fac201e6e2862cc666887e202e9/include/common/openssl-compat.h#L101 We do need this code path for boringssl. We previously entered it when boringssl was used (without being aware of it, because of the very issue we are trying to fix here), so the build was fine. But if we fix the issue we have to take care of boringssl also. That's why I'm suggesting: #ifndef X509_getm_notBefore #define X509_getm_notBefore X509_get_notBefore #define X509_getm_notAfter X509_get_notAfter #endif Am I missing something? cheers, lukas
