On 2014/09/30 11:20, Stuart Henderson wrote: > On 2014/09/29 14:06, Christian Weisgerber wrote: > > Apache doesn't like the addition of SSL_CTX_use_certificate_chain(). > > > > ===> www/apache-httpd-openbsd > > > > ../../modules/ssl/ssl_util_ssl.h:119: error: conflicting types for > > 'SSL_CTX_use_certificate_chain' > > /usr/include/openssl/ssl.h:1533: error: previous declaration of > > 'SSL_CTX_use_certificate_chain' was here > > > > ===> www/apache-httpd > > > > ssl_util_ssl.h:92: error: conflicting types for > > 'SSL_CTX_use_certificate_chain' > > /usr/include/openssl/ssl.h:1533: error: previous declaration of > > 'SSL_CTX_use_certificate_chain' was here > > We could patch apache, but since they got there first (by more than > 10 years) it probably makes more sense to rename in libressl doesn't it? > (Obviously a major bump, though). >
Major bump would mean we can remove the get_cipher_by_char symbol (turning the tor problem into a build rather than runtime failure) at the same time. Or should we just add a few more to the 3 patches to Apache that are already required to build it against libressl and rename it there instead? None of the apache extensions that we have in ports call it (though that probably isn't a very complete set). (My guess with the naming under the SSL_CTX namespace is that perhaps it's something they might have thought about trying to push upstream to ssleay/openssl.)
