Hi, On Thu, Apr 13, 2017 at 04:23:56AM +1000, Steven McDonald wrote: > For example, OpenBSD does have pkg-config for libssl, but hasn't > updated it since LibreSSL was forked: > > $ pkg-config --modversion libssl > 1.0.0
I think LibreSSL needs to just die in flames...
Their approach of "we pretend to have OpenSSL's API, but we're not
telling you what is really in there, and our version number is meaningless"
is just needlessly painful. And we've been hit by this before.
(BoringSSL is not such a big problem since they are changing the API
in incompatible ways, so compilation will fail anyway)
But advocacy aside, since the pkg-config stuff isn't going to really
help us in deciding "this is good enough for us?", it looks like we
need a conftest.c that will just look at the version number #define
in <opensslv.h>, and that one can then differenciate against LibreSSL
as well ("if it's LibreSSL, 1.0.0 is good enough, if OpenSSL, 1.0.1").
Needless waste of human lifetime, but solvable.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
