Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode
On Fri, Sep 24, 2021 at 08:25:23PM +0500, ??? wrote: > I thought that it would be overcomplicating, but I've got your idea. > I will send v2 this weekend or early next week Thank you :-) No rush anyway. Willy
Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode
пт, 24 сент. 2021 г. в 20:23, Willy Tarreau : > On Fri, Sep 24, 2021 at 08:09:29PM +0500, ??? wrote: > > ??, 24 . 2021 ?. ? 19:49, Willy Tarreau : > > > > > On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote: > > > > > I'd really prefer that we address all this API stuff through the > > > > > openssl-compat stuff, so that over time we can more easily drop > > > > > unneeded stuff. Above that could be done this way: > > > > > > > > > > #if (OPENSSL_VERSION_NUMBER >= 0x3000L) > > > > > # define ERR_func_error_string(ret) "OPENSSL_internal" > > > > > #endif > > > > > > > > > > > > > > > > > This introduces dangerous dependency on ERR_func_error_string being > > > > substituted by preprocessor before it is passed to the compiler (or > not) > > > > > > If it were defined you wouldn't have to work around it. And if you're > > > worried that it may still be defined in some cases (which I perfectly > > > understand), then you can just prepend a #undef before the #define. > > > > > > > I believe it is a function (at least for earlier openssl) > > G... so we'll have to provide a wrapper outselves :-/ > I thought that it would be overcomplicating, but I've got your idea. I will send v2 this weekend or early next week > > Willy >
Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode
On Fri, Sep 24, 2021 at 08:09:29PM +0500, ??? wrote: > ??, 24 . 2021 ?. ? 19:49, Willy Tarreau : > > > On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote: > > > > I'd really prefer that we address all this API stuff through the > > > > openssl-compat stuff, so that over time we can more easily drop > > > > unneeded stuff. Above that could be done this way: > > > > > > > > #if (OPENSSL_VERSION_NUMBER >= 0x3000L) > > > > # define ERR_func_error_string(ret) "OPENSSL_internal" > > > > #endif > > > > > > > > > > > > > This introduces dangerous dependency on ERR_func_error_string being > > > substituted by preprocessor before it is passed to the compiler (or not) > > > > If it were defined you wouldn't have to work around it. And if you're > > worried that it may still be defined in some cases (which I perfectly > > understand), then you can just prepend a #undef before the #define. > > > > I believe it is a function (at least for earlier openssl) G... so we'll have to provide a wrapper outselves :-/ Willy
Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode
пт, 24 сент. 2021 г. в 19:49, Willy Tarreau : > On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote: > > > I'd really prefer that we address all this API stuff through the > > > openssl-compat stuff, so that over time we can more easily drop > > > unneeded stuff. Above that could be done this way: > > > > > > #if (OPENSSL_VERSION_NUMBER >= 0x3000L) > > > # define ERR_func_error_string(ret) "OPENSSL_internal" > > > #endif > > > > > > > > > This introduces dangerous dependency on ERR_func_error_string being > > substituted by preprocessor before it is passed to the compiler (or not) > > If it were defined you wouldn't have to work around it. And if you're > worried that it may still be defined in some cases (which I perfectly > understand), then you can just prepend a #undef before the #define. > I believe it is a function (at least for earlier openssl) > > Cheers, > Willy >
Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode
On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote: > > I'd really prefer that we address all this API stuff through the > > openssl-compat stuff, so that over time we can more easily drop > > unneeded stuff. Above that could be done this way: > > > > #if (OPENSSL_VERSION_NUMBER >= 0x3000L) > > # define ERR_func_error_string(ret) "OPENSSL_internal" > > #endif > > > > > This introduces dangerous dependency on ERR_func_error_string being > substituted by preprocessor before it is passed to the compiler (or not) If it were defined you wouldn't have to work around it. And if you're worried that it may still be defined in some cases (which I perfectly understand), then you can just prepend a #undef before the #define. Cheers, Willy
Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode
пт, 24 сент. 2021 г. в 18:44, Willy Tarreau : > Hi Ilya, > > On Mon, Sep 20, 2021 at 10:37:04PM +0500, ??? wrote: > > Subject: [PATCH] BUILD: SSL: function "ERR_func_error_string" is > deprecated in > > OpenSSL-3.0.0 > > > > let us prepare for using OpenSSL-3.0.0 in no deprecation mode > > --- > > src/ssl_sock.c | 7 ++- > > 1 file changed, 6 insertions(+), 1 deletion(-) > > > > diff --git a/src/ssl_sock.c b/src/ssl_sock.c > > index a87d70b89..79b8b53ca 100644 > > --- a/src/ssl_sock.c > > +++ b/src/ssl_sock.c > > @@ -606,7 +606,12 @@ static forceinline void ssl_sock_dump_errors(struct > connection *conn) > > return; > > fprintf(stderr, "fd[%#x] OpenSSL error[0x%lx] %s: > %s\n", > > conn->handle.fd, ret, > > - ERR_func_error_string(ret), > ERR_reason_error_string(ret)); > > +#if (OPENSSL_VERSION_NUMBER >= 0x3000L) > > + "OPENSSL_internal", > > +#else > > + ERR_func_error_string(ret), > > +#endif > > + ERR_reason_error_string(ret)); > > I'd really prefer that we address all this API stuff through the > openssl-compat stuff, so that over time we can more easily drop > unneeded stuff. Above that could be done this way: > > #if (OPENSSL_VERSION_NUMBER >= 0x3000L) > # define ERR_func_error_string(ret) "OPENSSL_internal" > #endif > This introduces dangerous dependency on ERR_func_error_string being substituted by preprocessor before it is passed to the compiler (or not) > > This will also help us deal with the various forks that will sooner or > later start to adopt the new API. > > thanks! > Willy >
Re: [PATCH] guard "ERR_func_error_string" for OpenSSL-3.0.0 no deprecated mode
Hi Ilya, On Mon, Sep 20, 2021 at 10:37:04PM +0500, ??? wrote: > Subject: [PATCH] BUILD: SSL: function "ERR_func_error_string" is deprecated in > OpenSSL-3.0.0 > > let us prepare for using OpenSSL-3.0.0 in no deprecation mode > --- > src/ssl_sock.c | 7 ++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/src/ssl_sock.c b/src/ssl_sock.c > index a87d70b89..79b8b53ca 100644 > --- a/src/ssl_sock.c > +++ b/src/ssl_sock.c > @@ -606,7 +606,12 @@ static forceinline void ssl_sock_dump_errors(struct > connection *conn) > return; > fprintf(stderr, "fd[%#x] OpenSSL error[0x%lx] %s: %s\n", > conn->handle.fd, ret, > - ERR_func_error_string(ret), > ERR_reason_error_string(ret)); > +#if (OPENSSL_VERSION_NUMBER >= 0x3000L) > + "OPENSSL_internal", > +#else > + ERR_func_error_string(ret), > +#endif > + ERR_reason_error_string(ret)); I'd really prefer that we address all this API stuff through the openssl-compat stuff, so that over time we can more easily drop unneeded stuff. Above that could be done this way: #if (OPENSSL_VERSION_NUMBER >= 0x3000L) # define ERR_func_error_string(ret) "OPENSSL_internal" #endif This will also help us deal with the various forks that will sooner or later start to adopt the new API. thanks! Willy
