Am 09.03.21 um 12:54 schrieb Илья Шипицин: > Hello, > > if nobody minds, I can send several patches that eliminates comparison > of OPENSSL_VERSION, for example > > > diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c > index 49698e4b..316cca6f 100644 > --- a/src/openvpn/crypto_openssl.c > +++ b/src/openvpn/crypto_openssl.c > @@ -51,7 +51,8 @@ > #include <openssl/rand.h> > #include <openssl/ssl.h> > > -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && > !defined(LIBRESSL_VERSION_NUMBER) > +#ifdef EVP_PKEY_TLS1_PRF > #include <openssl/kdf.h> > #endif
I do not really see a benefit here other than it a lot harder to drop support for OpenSSL 1.0.2 and not leaving dead code in the repository. The macro currently tells me exactly why the code is still there. The EVP_PKEY_TLS1_PRF is not clear. Is this an optional OpenSSL? Is it for an old version? Arne _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel