On Tue, 30 Sep 2014, Stuart Henderson wrote:
> On 2014/09/30 11:20, Stuart Henderson wrote:
> > On 2014/09/29 14:06, Christian Weisgerber wrote:
> > > Apache doesn't like the addition of SSL_CTX_use_certificate_chain().
> > >
> > > ===> www/apache-httpd-openbsd
> > >
> > > ../../modules/ssl/ssl_util_ssl.h:119: error: conflicting types for
> > > 'SSL_CTX_use_certificate_chain' /usr/include/openssl/ssl.h:1533: error:
> > > previous declaration of 'SSL_CTX_use_certificate_chain' was here
> > >
> > > ===> www/apache-httpd
> > >
> > > ssl_util_ssl.h:92: error: conflicting types for
> > > 'SSL_CTX_use_certificate_chain' /usr/include/openssl/ssl.h:1533: error:
> > > previous declaration of 'SSL_CTX_use_certificate_chain' was here
> >
> > We could patch apache, but since they got there first (by more than
> > 10 years) it probably makes more sense to rename in libressl doesn't it?
> > (Obviously a major bump, though).
>
> Major bump would mean we can remove the get_cipher_by_char symbol (turning
> the tor problem into a build rather than runtime failure) at the same time.
A major bump is not a big problem - I think there is more changes that can be
included, but I'd have to check.
> Or should we just add a few more to the 3 patches to Apache that are
> already required to build it against libressl and rename it there
> instead? None of the apache extensions that we have in ports call it
> (though that probably isn't a very complete set).
>
> (My guess with the naming under the SSL_CTX namespace is that perhaps
> it's something they might have thought about trying to push upstream to
> ssleay/openssl.)
It would seem that way, also based on the "additional" comment in that file.
--
"Action without study is fatal. Study without action is futile."
-- Mary Ritter Beard
