Re: [PATCH] MINOR: ssl: BoringSSL matches OpenSSL 1.1.0
Hi Manu,

On Wed, Jul 25, 2018 at 10:34:46AM +0200, Emmanuel Hocdet wrote:
> It's ok because this function is inserted upper in the patch.
>
> As said, it's only a revert from 019f9b10 patches for openssl-compat.h.
> From:
> # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
> # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
> To:
> # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL

OK thanks for the explanation, I've just merged your latest version.

Willy
Re: [PATCH] MINOR: ssl: BoringSSL matches OpenSSL 1.1.0
On 25 Jul 2018, at 10:34, Emmanuel Hocdet wrote:

> Hi Willy
>
>> On 24 Jul 2018, at 18:59, Willy Tarreau wrote:
>>
>> Hi Manu,
>>
>> On Mon, Jul 23, 2018 at 06:12:34PM +0200, Emmanuel Hocdet wrote:
>>> Hi Willy,
>>>
>>> This patch is necessary to build with current BoringSSL (SSL_SESSION is now opaque).
>>> BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs.
>>> The patch reverts part of haproxy 019f9b10 (openssl-compat.h).
>>> This will not break openssl/libressl compat.
>>
>> OK, but the chunk here seems to contradict this assertion :
>>
>> @@ -119,13 +114,6 @@ static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *}#endif-#endif--#if (OPENSSL_VERSION_NUMBER < 0x101fL) || defined(LIBRESSL_VERSION_NUMBER)-/*- * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL- */-static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx){ return ctx->default_passwd_callback;
>>
>> I'm seeing that libressl will use a different code that is common
>> with openssl while you seem to have targeted boringssl only. Maybe
>> this part escaped from a larger patch that you used during development ?
>
> It’s ok because this function is inserted upper in the patch.
>
> As said, it's only a revert from 019f9b10 patches for openssl-compat.h.
> From:
> # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
> # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
> To:
> # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL

This patch is easier to read out of context:

0001-MINOR-ssl-BoringSSL-matches-OpenSSL-1.1.0.patch
Description: Binary data
Re: [PATCH] MINOR: ssl: BoringSSL matches OpenSSL 1.1.0
Hi Willy

> On 24 Jul 2018, at 18:59, Willy Tarreau wrote:
>
> Hi Manu,
>
> On Mon, Jul 23, 2018 at 06:12:34PM +0200, Emmanuel Hocdet wrote:
>> Hi Willy,
>>
>> This patch is necessary to build with current BoringSSL (SSL_SESSION is now opaque).
>> BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs.
>> The patch reverts part of haproxy 019f9b10 (openssl-compat.h).
>> This will not break openssl/libressl compat.
>
> OK, but the chunk here seems to contradict this assertion :
>
> @@ -119,13 +114,6 @@ static inline const OCSP_CERTID > *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP * > } > #endif > > -#endif > - > -#if (OPENSSL_VERSION_NUMBER < 0x101fL) || > defined(LIBRESSL_VERSION_NUMBER) > -/* > - * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL > - */ > - > static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) > { > return ctx->default_passwd_callback;
>
> I'm seeing that libressl will use a different code that is common
> with openssl while you seem to have targeted boringssl only. Maybe
> this part escaped from a larger patch that you used during development ?

It’s ok because this function is inserted upper in the patch.

As said, it's only a revert from 019f9b10 patches for openssl-compat.h.
From:
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
To:
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL

++
Manu
Re: [PATCH] MINOR: ssl: BoringSSL matches OpenSSL 1.1.0
Hi Manu,

On Mon, Jul 23, 2018 at 06:12:34PM +0200, Emmanuel Hocdet wrote:
> Hi Willy,
>
> This patch is necessary to build with current BoringSSL (SSL_SESSION is now opaque).
> BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs.
> The patch reverts part of haproxy 019f9b10 (openssl-compat.h).
> This will not break openssl/libressl compat.

OK, but the chunk here seems to contradict this assertion :

@@ -119,13 +114,6 @@ static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP * } #endif -#endif - -#if (OPENSSL_VERSION_NUMBER < 0x101fL) || defined(LIBRESSL_VERSION_NUMBER) -/* - * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL - */ - static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) { return ctx->default_passwd_callback;

I'm seeing that libressl will use a different code that is common
with openssl while you seem to have targeted boringssl only. Maybe
this part escaped from a larger patch that you used during development ?

Thanks,
Willy
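Review bot: The trailing context of this hunk keeps SSL_CTX_get_default_passwd_cb() reading ctx->default_passwd_callback directly, and with the "#endif" / "#if (OPENSSL_VERSION_NUMBER < 0x101fL) || defined(LIBRESSL_VERSION_NUMBER)" pair removed just above it, that accessor now compiles under whatever condition guards OCSP_SINGLERESP_get0_id(), which is not visible in the hunk. A direct field access only builds where SSL_CTX is not opaque, so the enclosing guard has to still select LibreSSL and old OpenSSL and nothing else. I would carry the removed comment ("Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL") over to the merged block and state in the commit message which condition now covers this function, so the hunk can be checked without the rest of the patch.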
[PATCH] MINOR: ssl: BoringSSL matches OpenSSL 1.1.0
Hi Willy,

This patch is necessary to build with current BoringSSL (SSL_SESSION is now opaque).
BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs.
The patch reverts part of haproxy 019f9b10 (openssl-compat.h).
This will not break openssl/libressl compat.

Can you consider it for 1.9?

Thanks.
Manu

0001-MINOR-ssl-BoringSSL-matches-OpenSSL-1.1.0.patch
Description: Binary data