Hi,

On 04-03-18 19:59, Jeremie Courreges-Anglas wrote:
> On Thu, Dec 14 2017, Steffan Karger <stef...@karger.me> wrote:
> 
> [...]
> 
>> NAK.
>>
>> Looking at this patch again I realize I have misunderstood the
>> intentions when first looking at it.  I thought LibreSSL *did* have an
>> SSL_CTX_get0_certificate() and this patch would make us use it (instead
>> of the workaround in the #else).  But this is just about replacing the
>> version check with a configure check.
> 
> Are you still opposed to such a diff (updated version attached), now
> that LibreSSL HEAD provides SSL_CTX_get0_certificate?

Yes, I'd rather not use the workaround if not needed.  Still not very
happy about the approach though.  Why not simply add
|| LIBRESSL_VERSION > x.y.z ?

>> I oppose that change because it
>> hides information I want to have:  "what code can be purged when we drop
>> support for openssl 1.0 and libressl?".
> 
> Maybe there's another way to encode that information?  Like,
> consistently formatted comments describing the first OpenSSL (and
> LibreSSL) releases that provided a function?

Yes, we could do that.  But if we're going to put that info into the
code anyway, why not just use the define?

-Steffan

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
