The OPENSSL_VERSION number is a guarantee for a certain version of the
ABI. As we dont' provide that (in fact much
of the ABI in LIbreSSL is "beyond" 1.0.1g, it is not accurate to use
the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION
is "bigger than 1.0.1g"'s.



On Fri, Jul 11, 2014 at 4:15 PM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2014/07/11 15:21, Bob Beck wrote:
>> CVSROOT:      /cvs
>> Module name:  src
>> Changes by:   b...@cvs.openbsd.org    2014/07/11 15:21:59
>>
>> Modified files:
>>       lib/libssl/src/crypto: opensslv.h
>>
>> Log message:
>> Provide LIBRESSL_VERSION_NUMBER for people who use such things to
>> detect versions distinct from OPENSSL_BLAH_WOOF..
>> ok jsing@ tedu@ deraadt@
>>
>
> I think it would ease porting work if the old OPENSSL_VERSION_NUMBER could
> be retained and we use LIBRESSL_VERSION_NUMBER to distinguish LibreSSL
> versions..
>
>
> dovecot-2.2.10/dovecot-2.2.10/src/login-common/ssl-proxy-openssl.c
> http://hg.dovecot.org/dovecot-2.2/file/fd0616d553b0/src/login-common/ssl-proxy-openssl.c#l130
> 32:#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
> 129:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
> 1028:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
> 1041:#if OPENSSL_VERSION_NUMBER >= 0x10002000L
> 1076:#if OPENSSL_VERSION_NUMBER >= 0x00907000L
> 1156:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
>
> chromium-34.0.1847.137/chromium-34.0.1847.137/net/socket/ssl_client_socket_openssl.cc
> 54:#if OPENSSL_VERSION_NUMBER < 0x1000103fL
> ...(checking for a version of openssl other than the embedded one?)
>
>
> apache-httpd
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1598107&view=markup#l86
> : #include <openssl/opensslv.h>
> : #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
> : /* must be defined before including ssl.h */
> : #define OPENSSL_NO_SSL_INTERN
> : #endif
>
> knot-dns
> https://gitlab.labs.nic.cz/labs/knot/blob/2354047b6402aa68daffe96d6f82f30f0dad1cff/src/libknot/dnssec/config.h
> : // ECDSA support requires OpenSSL version >= 1.0.1
> : #if !defined(OPENSSL_NO_ECDSA) && OPENSSL_VERSION_NUMBER >= 0x10001000L
> :   #define KNOT_ENABLE_ECDSA 1
> : #else
> :   #undef KNOT_ENABLE_ECDSA
> : #endif
>

Reply via email to