Am 28.06.26 um 23:26 schrieb Alejandro Colomar via Mutt-dev:
Hi Dennis,

On 2026-06-28T22:44:45+0200, Dennis Preiser wrote:
On Sun, Jun 28, 2026 at 06:56:14PM +0200, Matthias Andree via Mutt-dev wrote:
Thanks. Regarding the #ifdefs, wouldn't the accessor functions also work on
older OpenSSL releases, too, so that mutt could switch to the accessor API
wholesale?
I'm not really familiar with OpenSSL, so I played it safe.

According to <https://docs.openssl.org/1.0.2/man3/ASN1_STRING_length/>,
ASN1_STRING_length() has been available since at least version 1.0.2,
and ASN1_STRING_get0_data() since at least version 1.1.1
<https://docs.openssl.org/1.1.1/man3/ASN1_STRING_length/>.

LibreSSL dates back to July 2014 (2.0.0), which would be before OpenSSL
1.0.2 (January 2015). I haven“t been able to find online when these two
functions became available in LibreSSL.
        alx@devuan:/tmp/openbsd$ git ref aeeae06a7981
        aeeae06a7981 (1998-10-05; "Import of SSLeay-0.9.0b with RSA and IDEA stubbed 
+ OpenBSD build functionality for shared libs.")
        alx@devuan:/tmp/openbsd$ git show aeeae06a7981 | grep ASN1_STRING_length
        +#define ASN1_STRING_length(x)  ((x)->length)
        +       ret=ASN1_STRING_length(a->value.octet_string);
        +       ASN1_STRING_length(osp)=size;
        +       length=ASN1_STRING_length(a->value.sequence);
        +       ret=ASN1_STRING_length(os);
        alx@devuan:/tmp/openbsd$ git ref 203972bb77b5
        203972bb77b5 (2018-02-14; "Provide ASN1_STRING_get0_data().")
        alx@devuan:/tmp/openbsd$ git show 203972bb77b5 | grep 
ASN1_STRING_get0_data
            Provide ASN1_STRING_get0_data().
        +ASN1_STRING_get0_data
        +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
        +ASN1_STRING_get0_data(const ASN1_STRING *x)
        alx@devuan:/tmp/openbsd$ git describe --contains 203972bb77b5
        libressl-v2.7.0~266
        alx@devuan:/tmp/openbsd$ git describe --contains aeeae06a7981
        OPENBSD_2_6_BASE~147^2

ASN1_STRING_length() seems to be there since forever, while
ASN1_STRING_get0_data() was added recently (2018; libressl-v2.7.0).

Why is LibreSSL a thing now? (not only in Alex's mail) OpenSSL 1.x is EOL, and LibreSSL is, by and large, an OpenBSD thing because there it can be argued to be part of the operating system so that its license does not interfere. In my open source stuff I stopped caring for antediluvian OpenSSL APIs. Support OpenSSL >= 3.5 and as long as you don't do too fancy stuff OpenBSD's, LibreSSL will cope.

--
Matthias Andree

Reply via email to