Re: [PATCH] BUG/MINOR: ssl: fix curve setup with LibreSSL

2019-11-24 Thread Lukas Tribus
Hello,

On Sun, Nov 24, 2019 at 6:20 PM Lukas Tribus wrote:
>
> Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER
> instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL
> 1.0.1 API, to avoid breaking LibreSSL every minute. We set
> HA_OPENSSL_VERSION_NUMBER to 0x1000107fL if LibreSSL is detected and
> only allow curves to be configured if HA_OPENSSL_VERSION_NUMBER is at
> least 0x1000200fL.
>
> However all relevant LibreSSL releases actually support setting curves,
> which is now broken. Fix this by always allowing curve configuration when
> using LibreSSL.
>
> Reported on GitHub in issue #366.
>
> Fixes: 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead
> of OPENSSL_VERSION_NUMBER").

Should be backported to 2.0.


Lukas



Re: [PATCH] BUG/MINOR: ssl: fix curve setup with LibreSSL

2019-11-24 Thread Willy Tarreau
On Sun, Nov 24, 2019 at 06:20:40PM +0100, Lukas Tribus wrote:
> Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER
> instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL
> 1.0.1 API, to avoid breaking LibreSSL every minute. We set
> HA_OPENSSL_VERSION_NUMBER to 0x1000107fL if LibreSSL is detected and
> only allow curves to be configured if HA_OPENSSL_VERSION_NUMBER is at
> least 0x1000200fL.
(...)

Thank you Lukas!
Willy