Re: [PATCH] MINOR: generate-certificates for BoringSSL
Le 03/10/2018 à 12:52, Emmanuel Hocdet a écrit : Hi, For generate-certificates, X509V3_EXT_conf is used but it's an (very) old API call: X509V3_EXT_nconf must be preferred. Openssl compatibility is ok because it's inside #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME, introduce 5 years after X509V3_EXT_nconf. (BoringSSL only have X509V3_EXT_nconf) Christopher, if you have time to check this little patch :) Applied, thank you Manu! -- Christopher
Re: [PATCH] MINOR: generate-certificates for BoringSSL
Le 03/10/2018 à 12:52, Emmanuel Hocdet a écrit : Hi, For generate-certificates, X509V3_EXT_conf is used but it's an (very) old API call: X509V3_EXT_nconf must be preferred. Openssl compatibility is ok because it's inside #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME, introduce 5 years after X509V3_EXT_nconf. (BoringSSL only have X509V3_EXT_nconf) Christopher, if you have time to check this little patch :) Hi Manu, Sorry for the lag. So, I tested your patches, and it works for me. I have only tested it with openssl 1.1.0. But it seems to be safe enough. -- Christopher
[PATCH] MINOR: generate-certificates for BoringSSL
Hi, For generate-certificates, X509V3_EXT_conf is used but it's an (very) old API call: X509V3_EXT_nconf must be preferred. Openssl compatibility is ok because it's inside #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME, introduce 5 years after X509V3_EXT_nconf. (BoringSSL only have X509V3_EXT_nconf) Christopher, if you have time to check this little patch :) ++ Manu 0001-MINOR-ssl-cleanup-old-openssl-API-call.patch Description: Binary data 0002-MINOR-ssl-generate-certificates-for-BoringSSL.patch Description: Binary data