Re: [Openvpn-devel] [PATCH] Fix float comparisons of OPENVPN_VERSION_NUMBER
чт, 20 февр. 2020 г. в 13:44, Arne Schwabe : > Am 20.02.20 um 09:38 schrieb Arne Schwabe: > > These checks are probably the result of copying a > > check from the LibreSSL and modifying it to be > > a OpenSSL check. For some arcane reason LibreSSL decided > > that its version number should be a long float (double) rather > > than an integer. > > > > Signed-off-by: Arne Schwabe > > --- > > src/openvpn/ssl_openssl.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > > index 21651a3e..bcdfb543 100644 > > --- a/src/openvpn/ssl_openssl.c > > +++ b/src/openvpn/ssl_openssl.c > > @@ -231,7 +231,7 @@ tls_version_max(void) > > * We only need to check this for OpenSSL versions that can be > > * upgraded to 1.1.1 without recompile (>= 1.1.0) > > */ > > -if (OpenSSL_version_num() >= 0x1010100fL) > > +if (OpenSSL_version_num() >= 0x1010100L) > > { > > return TLS_VER_1_3; > > } > > @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char > *cipher_list, > > crypto_msg(M_FATAL, "Cannot create SSL object"); > > } > > > > -#if (OPENSSL_VERSION_NUMBER < 0x101fL)\ > > +#if (OPENSSL_VERSION_NUMBER < 0x101L)\ > > || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= > 0x209fL) > > STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); > > #else > > @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char > *cipher_list, > > printf("%s\n", pair->iana_name); > > } > > } > > -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) > > +#if (OPENSSL_VERSION_NUMBER >= 0x101L) > > sk_SSL_CIPHER_free(sk); > > #endif > > SSL_free(ssl); > > > > > Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL > has has its patch version to be 0f. > can you also close it here https://patchwork.openvpn.net/patch/1015/ ? to prevent someone from taking it accidently > > Arne > > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Fix float comparisons of OPENVPN_VERSION_NUMBER
Am 20.02.20 um 09:38 schrieb Arne Schwabe: > These checks are probably the result of copying a > check from the LibreSSL and modifying it to be > a OpenSSL check. For some arcane reason LibreSSL decided > that its version number should be a long float (double) rather > than an integer. > > Signed-off-by: Arne Schwabe > --- > src/openvpn/ssl_openssl.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > index 21651a3e..bcdfb543 100644 > --- a/src/openvpn/ssl_openssl.c > +++ b/src/openvpn/ssl_openssl.c > @@ -231,7 +231,7 @@ tls_version_max(void) > * We only need to check this for OpenSSL versions that can be > * upgraded to 1.1.1 without recompile (>= 1.1.0) > */ > -if (OpenSSL_version_num() >= 0x1010100fL) > +if (OpenSSL_version_num() >= 0x1010100L) > { > return TLS_VER_1_3; > } > @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list, > crypto_msg(M_FATAL, "Cannot create SSL object"); > } > > -#if (OPENSSL_VERSION_NUMBER < 0x101fL)\ > +#if (OPENSSL_VERSION_NUMBER < 0x101L)\ > || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= > 0x209fL) > STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); > #else > @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list, > printf("%s\n", pair->iana_name); > } > } > -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) > +#if (OPENSSL_VERSION_NUMBER >= 0x101L) > sk_SSL_CIPHER_free(sk); > #endif > SSL_free(ssl); > Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL has has its patch version to be 0f. Arne signature.asc Description: OpenPGP digital signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH] Fix float comparisons of OPENVPN_VERSION_NUMBER
These checks are probably the result of copying a check from the LibreSSL and modifying it to be a OpenSSL check. For some arcane reason LibreSSL decided that its version number should be a long float (double) rather than an integer. Signed-off-by: Arne Schwabe --- src/openvpn/ssl_openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 21651a3e..bcdfb543 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -231,7 +231,7 @@ tls_version_max(void) * We only need to check this for OpenSSL versions that can be * upgraded to 1.1.1 without recompile (>= 1.1.0) */ -if (OpenSSL_version_num() >= 0x1010100fL) +if (OpenSSL_version_num() >= 0x1010100L) { return TLS_VER_1_3; } @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list, crypto_msg(M_FATAL, "Cannot create SSL object"); } -#if (OPENSSL_VERSION_NUMBER < 0x101fL)\ +#if (OPENSSL_VERSION_NUMBER < 0x101L)\ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x209fL) STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); #else @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list, printf("%s\n", pair->iana_name); } } -#if (OPENSSL_VERSION_NUMBER >= 0x101fL) +#if (OPENSSL_VERSION_NUMBER >= 0x101L) sk_SSL_CIPHER_free(sk); #endif SSL_free(ssl); -- 2.25.0 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel