On Sun, Nov 24, 2019 at 6:20 PM Lukas Tribus wrote:
> Since commit 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER
> instead of OPENSSL_VERSION_NUMBER") we restrict LibreSSL to the OpenSSL
> 1.0.1 API, to avoid breaking LibreSSL every minute. We set
> HA_OPENSSL_VERSION_NUMBER to 0x1000107fL if LibreSSL is detected and
> only allow curves to be configured if HA_OPENSSL_VERSION_NUMBER is at
> least 0x1000200fL.
> However all relevant LibreSSL releases actually support settings curves,
> which is now broken. Fix this by always allowing curve configuration when
> using LibreSSL.
> Reported on GitHub in issue #366.
> Fixes: 9a1ab08 ("CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead
> of OPENSSL_VERSION_NUMBER").
Should be backported to 2.0.