The OPENSSL_VERSION number is a guarantee for a certain version of the ABI. As we don't provide that (in fact much of the ABI in LibreSSL is "beyond" 1.0.1g), it is not accurate to use the old OPENSSL_VERSION. Essentially this OPENSSL_VERSION is "bigger than 1.0.1g"'s.

On Fri, Jul 11, 2014 at 4:15 PM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2014/07/11 15:21, Bob Beck wrote:
>> CVSROOT: /cvs
>> Module name: src
>> Changes by: b...@cvs.openbsd.org 2014/07/11 15:21:59
>>
>> Modified files:
>> lib/libssl/src/crypto: opensslv.h
>>
>> Log message:
>> Provide LIBRESSL_VERSION_NUMBER for people who use such things to
>> detect versions distinct from OPENSSL_BLAH_WOOF..
>> ok jsing@ tedu@ deraadt@
>>
>
> I think it would ease porting work if the old OPENSSL_VERSION_NUMBER could
> be retained and we use LIBRESSL_VERSION_NUMBER to distinguish LibreSSL
> versions..
>
>
> dovecot-2.2.10/dovecot-2.2.10/src/login-common/ssl-proxy-openssl.c
> http://hg.dovecot.org/dovecot-2.2/file/fd0616d553b0/src/login-common/ssl-proxy-openssl.c#l130
> 32:#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
> 129:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
> 1028:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
> 1041:#if OPENSSL_VERSION_NUMBER >= 0x10002000L
> 1076:#if OPENSSL_VERSION_NUMBER >= 0x00907000L
> 1156:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
>
> chromium-34.0.1847.137/chromium-34.0.1847.137/net/socket/ssl_client_socket_openssl.cc
> 54:#if OPENSSL_VERSION_NUMBER < 0x1000103fL
> ...(checking for a version of openssl other than the embedded one?)
>
>
> apache-httpd
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1598107&view=markup#l86
> : #include <openssl/opensslv.h>
> : #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
> : /* must be defined before including ssl.h */
> : #define OPENSSL_NO_SSL_INTERN
> : #endif
>
> knot-dns
> https://gitlab.labs.nic.cz/labs/knot/blob/2354047b6402aa68daffe96d6f82f30f0dad1cff/src/libknot/dnssec/config.h
> : // ECDSA support requires OpenSSL version >= 1.0.1
> : #if !defined(OPENSSL_NO_ECDSA) && OPENSSL_VERSION_NUMBER >= 0x10001000L
> : #define KNOT_ENABLE_ECDSA 1
> : #else
> : #undef KNOT_ENABLE_ECDSA
> : #endif
>
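
An added example, not part of the thread or of any project quoted in it: the version thresholds from the guards above, evaluated as runtime predicates, show which branches a given OPENSSL_VERSION_NUMBER selects. The function names, the flag names and the sample value 0x20000000 (a constructed stand-in for a number "bigger than 1.0.1g") are assumptions.

```c
#include <stdio.h>

/* OpenSSL 1.0.x packs the version as 0xMNNFFPPS:
 * major, minor, fix, patch letter (1 = 'a', 7 = 'g'), status nibble. */
static void format_version(unsigned long v, char *buf, size_t len)
{
    unsigned major = (v >> 28) & 0xf, minor = (v >> 20) & 0xff;
    unsigned fix = (v >> 12) & 0xff, patch = (v >> 4) & 0xff;

    if (patch >= 1 && patch <= 26)
        snprintf(buf, len, "%u.%u.%u%c", major, minor, fix,
                 (char)('a' + patch - 1));
    else
        snprintf(buf, len, "%u.%u.%u", major, minor, fix);
}

/* One flag per guard quoted in the thread (hypothetical names). The other
 * conditions in those guards (HAVE_ECDH, !OPENSSL_NO_ECDSA) are assumed true. */
enum {
    KNOT_ECDSA       = 1 << 0, /* knot-dns: >= 0x10001000L */
    APACHE_NO_INTERN = 1 << 1, /* httpd:    >= 0x10001000  */
    DOVECOT_PRE_102  = 1 << 2, /* dovecot:  <  0x10002000L */
    DOVECOT_102_PLUS = 1 << 3, /* dovecot:  >= 0x10002000L */
    CHROMIUM_OLD     = 1 << 4  /* chromium: <  0x1000103fL */
};

static unsigned branches_taken(unsigned long v)
{
    unsigned b = 0;
    if (v >= 0x10001000UL) b |= KNOT_ECDSA | APACHE_NO_INTERN;
    b |= (v < 0x10002000UL) ? DOVECOT_PRE_102 : DOVECOT_102_PLUS;
    if (v < 0x1000103fUL) b |= CHROMIUM_OLD;
    return b;
}

int main(void)
{
    /* Constructed inputs: 1.0.1g, and a stand-in for "bigger than 1.0.1g". */
    unsigned long samples[] = { 0x1000107fUL, 0x20000000UL };
    char name[16];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_version(samples[i], name, sizeof name);
        printf("0x%08lx (%s): branches 0x%02x\n",
               samples[i], name, branches_taken(samples[i]));
    }
    return 0;
}
```

With the larger value the dovecot guards switch to their `>= 0x10002000L` side, so that code is compiled on the assumption that the 1.0.2 interfaces are present.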