On Tue, 30 Sep 2014, Stuart Henderson wrote:
> On 2014/09/29 14:06, Christian Weisgerber wrote:
> > Apache doesn't like the addition of SSL_CTX_use_certificate_chain().
> >
> > ===> www/apache-httpd-openbsd
> >
> > ../../modules/ssl/ssl_util_ssl.h:119: error: conflicting types for
> > 'SSL_CTX_use_certificate_chain' /usr/include/openssl/ssl.h:1533: error:
> > previous declaration of 'SSL_CTX_use_certificate_chain' was here
> >
> > ===> www/apache-httpd
> >
> > ssl_util_ssl.h:92: error: conflicting types for
> > 'SSL_CTX_use_certificate_chain' /usr/include/openssl/ssl.h:1533: error:
> > previous declaration of 'SSL_CTX_use_certificate_chain' was here
>
> We could patch apache, but since they got there first (by more than
> 10 years) it probably makes more sense to rename in libressl doesn't it?
> (Obviously a major bump, though).
It can probably be renamed to SSL_CTX_use_certificate_chain_PEM() - especially
since the memory that it loads has to contain PEM encoded certificates...
this would match the _ASN1 suffixed functions. Otherwise
SL_CTX_use_certificate_chain_mem() would be another option.
That said, as mentioned on ICB, OpenSSL largely owns the SSL_* and SSL_CTX_*
namespace - if you import openssl/ssl.h and then declare your own functions
with these prefixes you're pretty much asking for conflicts at some point.
The same problem would surface if OpenSSL proper ever added such a function.
Is this the only ports fallout?
--
"Action without study is fatal. Study without action is futile."
-- Mary Ritter Beard
