On Sun, Mar 04 2018, Selva Nair <selva.n...@gmail.com> wrote: [...]
> Libressl developers break API compatibility with openssl in such
> perverse ways that there are no easy ways to support it. Take, for
> example, the patch I just sent out which checks for certain functions
> instead of disabling using LIBRESSL_VERSION_NUMBER. It finds two "set"
> functions defined in libressl but two related "get" ones are not
> found. So the compat layer will get used for those. But there is no
> guarantee that such mixed usage leads to logically correct code. In
> fact, the compat layer functions for min/max proto-version are not the
> same as those in openssl 1.1. Those are a work around meant for
> cleanly handling multiple versions of openssl without using ifdefs all
> over the code. If libressl has implemented those set functions as in
> openssl 1.1, then those get functions from compat layer would not be
> what you should be using, but that's what you will get.

I'd like to add more details here. At the time LibreSSL added the
setters (May 2017)[1], OpenSSL itself only provided said setters (since
2015)[2]. The getters were added to OpenSSL later (Sep 2017)[3].

[1] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/ssl.h.diff?r1=1.127&r2=1.128
[2] https://github.com/openssl/openssl/commit/7946ab33cecce60afcc00afc8fc18f31f9e66bff
[3] https://github.com/openssl/openssl/commit/3edabd3ccb7aac89af5a63cfb2378e33a8be05d7

So I don't think the current situation can be summed up as a plain
oversight or bad design choice.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel