Re: Reduce OPENSSL_VERSION_TEXT to "LibreSSL"
On Thu, Dec 11, 2014 at 04:57:21PM +0100, Mark Kettenis wrote:
> > From: Bob Beck
> > Date: Thu, 11 Dec 2014 08:39:15 -0700
> >
> > i.e. if we want the "openssl" command to report someting specific we
> > put it in there, not a globally visible string that will be used for
> > the wrong things.
>
> I think you guys are trying to hard to prevent people to shoot
> themselves in the foot. As long as OpenSSL includes a version number
> there, people will try this anyway. Shrug.
You're probably right Mark. Ports can and do patch opensslv.h anyway.
The more important thing is that the runtime query for version matches
the release, be it via openssl(1) or language bindings.
This should satisfy that requirement, prevent external code from baking
in an outdated string, and make it easy for -portable to keep its
runtime version number up-to-date as well.
ok?
Index: libcrypto/crypto/Makefile
===
RCS file: /cvs/src/lib/libcrypto/crypto/Makefile,v
retrieving revision 1.51
diff -u -p -u -p -r1.51 Makefile
--- libcrypto/crypto/Makefile 3 Dec 2014 22:14:38 - 1.51
+++ libcrypto/crypto/Makefile 12 Dec 2014 14:07:58 -
@@ -7,6 +7,8 @@ LCRYPTO_SRC=${SSL_SRC}/crypto
CFLAGS+= -Wall -Werror
+CFLAGS+= -DLIBRESSL_VERSION=\"2.1\"
+
.include # for 'NOPIC' definition
.if !defined(NOPIC)
CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN
Index: libssl/src/crypto/cversion.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/cversion.c,v
retrieving revision 1.15
diff -u -p -u -p -r1.15 cversion.c
--- libssl/src/crypto/cversion.c11 Jul 2014 11:42:28 - 1.15
+++ libssl/src/crypto/cversion.c12 Dec 2014 14:07:59 -
@@ -66,7 +66,7 @@ SSLeay_version(int t)
{
switch (t) {
case SSLEAY_VERSION:
- return OPENSSL_VERSION_TEXT;
+ return OPENSSL_VERSION_TEXT " " LIBRESSL_VERSION;
case SSLEAY_BUILT_ON:
return("built on: date not available");
case SSLEAY_CFLAGS:
Index: libssl/src/crypto/opensslv.h
===
RCS file: /cvs/src/lib/libssl/src/crypto/opensslv.h,v
retrieving revision 1.28
diff -u -p -u -p -r1.28 opensslv.h
--- libssl/src/crypto/opensslv.h14 Oct 2014 13:12:35 - 1.28
+++ libssl/src/crypto/opensslv.h12 Dec 2014 14:07:59 -
@@ -4,7 +4,7 @@
#define LIBRESSL_VERSION_NUMBER0x2000L
#define OPENSSL_VERSION_NUMBER 0x2000L
-#define OPENSSL_VERSION_TEXT "LibreSSL 2.1"
+#define OPENSSL_VERSION_TEXT "LibreSSL"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
#define SHLIB_VERSION_HISTORY ""
Re: Reduce OPENSSL_VERSION_TEXT to "LibreSSL"
> From: Bob Beck > Date: Thu, 11 Dec 2014 08:39:15 -0700 > > i.e. if we want the "openssl" command to report someting specific we > put it in there, not a globally visible string that will be used for > the wrong things. I think you guys are trying to hard to prevent people to shoot themselves in the foot. As long as OpenSSL includes a version number there, people will try this anyway. Shrug.
Re: Reduce OPENSSL_VERSION_TEXT to "LibreSSL"
i.e. if we want the "openssl" command to report someting specific we put it in there, not a globally visible string that will be used for the wrong things. On Thu, Dec 11, 2014 at 8:37 AM, Bob Beck wrote: > likely whatever we change it to print. but we should catch that. > > On Thu, Dec 11, 2014 at 8:34 AM, Mark Kettenis > wrote: >>> Date: Thu, 11 Dec 2014 08:15:06 -0600 >>> From: Brent Cook >>> >>> To reduce reliance on this string, and to make it more consistently >>> correct between LibreSSL-portable releases, reduce OPENSSL_VERSION_TEXT >>> to say the bare minimum. >>> >>> There are better, more portable and consistent mechanisms for >>> determining the installed versions of packages, such as the OS package >>> manager, versions on user-generated packages, or the pkg-config tool. >> >> So what will 'openssl version' print after this change? >>
Re: Reduce OPENSSL_VERSION_TEXT to "LibreSSL"
likely whatever we change it to print. but we should catch that. On Thu, Dec 11, 2014 at 8:34 AM, Mark Kettenis wrote: >> Date: Thu, 11 Dec 2014 08:15:06 -0600 >> From: Brent Cook >> >> To reduce reliance on this string, and to make it more consistently >> correct between LibreSSL-portable releases, reduce OPENSSL_VERSION_TEXT >> to say the bare minimum. >> >> There are better, more portable and consistent mechanisms for >> determining the installed versions of packages, such as the OS package >> manager, versions on user-generated packages, or the pkg-config tool. > > So what will 'openssl version' print after this change? >
Re: Reduce OPENSSL_VERSION_TEXT to "LibreSSL"
Absolutely yes. On Thu, Dec 11, 2014 at 7:15 AM, Brent Cook wrote: > To reduce reliance on this string, and to make it more consistently > correct between LibreSSL-portable releases, reduce OPENSSL_VERSION_TEXT > to say the bare minimum. > > There are better, more portable and consistent mechanisms for > determining the installed versions of packages, such as the OS package > manager, versions on user-generated packages, or the pkg-config tool. > > If an app wants to statically link LibreSSL and emit the version at the > command line, it should use pkg-config to generate its own strings (and > that should work for all libraries, not just OpenSSL/LibreSSL). > > This has never matched the shared library version numbers anyway. > > Index: opensslv.h > === > RCS file: /cvs/src/lib/libssl/src/crypto/opensslv.h,v > retrieving revision 1.28 > diff -u -p -u -p -r1.28 opensslv.h > --- opensslv.h 14 Oct 2014 13:12:35 - 1.28 > +++ opensslv.h 11 Dec 2014 14:05:39 - > @@ -4,7 +4,7 @@ > > #define LIBRESSL_VERSION_NUMBER0x2000L > #define OPENSSL_VERSION_NUMBER 0x2000L > -#define OPENSSL_VERSION_TEXT "LibreSSL 2.1" > +#define OPENSSL_VERSION_TEXT "LibreSSL" > #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT > > #define SHLIB_VERSION_HISTORY "" >
Re: Reduce OPENSSL_VERSION_TEXT to "LibreSSL"
> Date: Thu, 11 Dec 2014 08:15:06 -0600 > From: Brent Cook > > To reduce reliance on this string, and to make it more consistently > correct between LibreSSL-portable releases, reduce OPENSSL_VERSION_TEXT > to say the bare minimum. > > There are better, more portable and consistent mechanisms for > determining the installed versions of packages, such as the OS package > manager, versions on user-generated packages, or the pkg-config tool. So what will 'openssl version' print after this change?
Reduce OPENSSL_VERSION_TEXT to "LibreSSL"
To reduce reliance on this string, and to make it more consistently correct between LibreSSL-portable releases, reduce OPENSSL_VERSION_TEXT to say the bare minimum. There are better, more portable and consistent mechanisms for determining the installed versions of packages, such as the OS package manager, versions on user-generated packages, or the pkg-config tool. If an app wants to statically link LibreSSL and emit the version at the command line, it should use pkg-config to generate its own strings (and that should work for all libraries, not just OpenSSL/LibreSSL). This has never matched the shared library version numbers anyway. Index: opensslv.h === RCS file: /cvs/src/lib/libssl/src/crypto/opensslv.h,v retrieving revision 1.28 diff -u -p -u -p -r1.28 opensslv.h --- opensslv.h 14 Oct 2014 13:12:35 - 1.28 +++ opensslv.h 11 Dec 2014 14:05:39 - @@ -4,7 +4,7 @@ #define LIBRESSL_VERSION_NUMBER0x2000L #define OPENSSL_VERSION_NUMBER 0x2000L -#define OPENSSL_VERSION_TEXT "LibreSSL 2.1" +#define OPENSSL_VERSION_TEXT "LibreSSL" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT #define SHLIB_VERSION_HISTORY ""
