On Sun, Mar 04 2018, selva.n...@gmail.com wrote:
> From: Selva Nair <selva.n...@gmail.com>
>
> OpenSSL docs do not explicitly state these to be macros although they
> are currently defined as such.

Actually they have been documented as macros by OpenSSL since day 1, see
NOTES.

> Use AC_CHECK_DECLS to test for these so that
> both function and macro forms could be detected.

Looks like the right way to handle such a situation.
Your diff looks good, and works for me against LibreSSL HEAD on
OpenBSD-current:

checking whether SSL_CTX_get_min_proto_version is declared... no
checking whether SSL_CTX_get_max_proto_version is declared... no
checking whether SSL_CTX_set_min_proto_version is declared... yes
checking whether SSL_CTX_set_max_proto_version is declared... yes

PASS: t_lpback.sh
The following test will take about two minutes.
If the addresses are in use, this test will retry up to two times.
PASS: t_cltsrv.sh
====================
All 2 tests passed
(1 test was not run)
====================

> Signed-off-by: Selva Nair <selva.n...@gmail.com>
> ---
> Though not meant as a fixup for libressl, as a side effect
> this also makes 2.4.5 build with newer libressl versions.
> (built on freebsd 11 using libressl 2.6.4 while testing patch 238)
> Notes: (i) libressl defines only the set functions and neither
> are macros. So get functions will get used from the compat layer.

More notes, possibly relevant:
- LibreSSL implements those as functions to provide better type checking.
  IIUC this is inspired by the same choice made in BoringSSL.
- yesterday I added macros for compatibility in LibreSSL HEAD, see
  https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/ssl.h
  This should land in LibreSSL 2.7.0.
- adding the getters part is planned

>  configure.ac                 | 12 ++++++++++++
>  src/openvpn/openssl_compat.h |  8 ++++----
>  2 files changed, 16 insertions(+), 4 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 626b4dd..2a8e87f 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -948,6 +948,18 @@ if test "${with_crypto_library}" = "openssl"; then
>                       EC_GROUP_order_bits
>               ]
>       )
> +     AC_CHECK_DECLS(
> +             [
> +                     SSL_CTX_get_min_proto_version,
> +                     SSL_CTX_get_max_proto_version,
> +                     SSL_CTX_set_min_proto_version,
> +                     SSL_CTX_set_max_proto_version,
> +             ],
> +             ,
> +             ,
> +             [[#include <openssl/ssl.h>]]
> +
> +     )
>  
>       CFLAGS="${saved_CFLAGS}"
>       LIBS="${saved_LIBS}"
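
Review bot: the symbol list in the new AC_CHECK_DECLS call ends with a trailing comma after `SSL_CTX_set_max_proto_version,` and there is an empty line before the closing `)`. AC_CHECK_DECLS takes a comma-separated list, so the trailing comma leaves an empty final element; dropping the comma and the blank line keeps the list to exactly the four symbols. A short dnl comment saying these are checked as declarations because they may be either macros or functions, depending on the library, would also help the next reader.
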
> diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
> index d375fab..340d452 100644
> --- a/src/openvpn/openssl_compat.h
> +++ b/src/openvpn/openssl_compat.h
> @@ -661,7 +661,7 @@ EC_GROUP_order_bits(const EC_GROUP *group)
>  #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT       RSA_F_RSA_EAY_PRIVATE_ENCRYPT
>  #endif
>  
> -#ifndef SSL_CTX_get_min_proto_version
> +#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION
>  /** Return the min SSL protocol version currently enabled in the context.
>   *  If no valid version >= TLS1.0 is found, return 0. */
>  static inline int
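
Review bot: `#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION` is also true when that macro is not defined at all, because an undefined identifier evaluates to 0 in `#if`. In any build whose config header does not come from the new configure.ac check, the fallback would be compiled even against a library that provides SSL_CTX_get_min_proto_version as a macro, and that macro would then expand inside the static inline definition. Consider keeping the old test alongside the new one, e.g. `#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION && !defined(SSL_CTX_get_min_proto_version)`, or make sure every config header defines the four HAVE_DECL_ values. The same applies to the other three guards in this file.
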
> @@ -684,7 +684,7 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
>  }
>  #endif /* SSL_CTX_get_min_proto_version */
>  
> -#ifndef SSL_CTX_get_max_proto_version
> +#if !HAVE_DECL_SSL_CTX_GET_MAX_PROTO_VERSION
>  /** Return the max SSL protocol version currently enabled in the context.
>   *  If no valid version >= TLS1.0 is found, return 0. */
>  static inline int
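
Review bot: the `#endif /* SSL_CTX_get_min_proto_version */` at the top of this hunk still names the symbol from the old `#ifndef`, while the opening line is now `#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION`. Update the trailing comment to match the new condition, here and on the corresponding `#endif` lines visible in the following hunks, so the guard pairs stay easy to match when reading the header.
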
> @@ -707,7 +707,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
>  }
>  #endif /* SSL_CTX_get_max_proto_version */
>  
> -#ifndef SSL_CTX_set_min_proto_version
> +#if !HAVE_DECL_SSL_CTX_SET_MIN_PROTO_VERSION
>  /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
>  static inline int
>  SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
> @@ -736,7 +736,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long 
> tls_ver_min)
>  }
>  #endif /* SSL_CTX_set_min_proto_version */
>  
> -#ifndef SSL_CTX_set_max_proto_version
> +#if !HAVE_DECL_SSL_CTX_SET_MAX_PROTO_VERSION
>  /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
>  static inline int
>  SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
