On Fri, Jul 11, 2014 at 3:41 PM, Bob Beck <b...@obtuse.com> wrote: > The OPENSSL_VERSION number is a guarantee for a certain version of the > ABI. As we dont' provide that (in fact much > of the ABI in LIbreSSL is "beyond" 1.0.1g, it is not accurate to use > the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION > is "bigger than 1.0.1g"'s.
By that argument, we won't be ABI compatible with OpenSSL 2.0 either, so we shouldn't provide OPENSSL_VERSION at all. My 2c is for keeping OPENSSL_VERSION_NUMBER as the most recent OpenSSL version that we're *mostly* API/feature compatible with, and using LIBRESSL_VERSION_NUMBER to identify the exact LibreSSL version. By polluting the OPENSSL_VERSION_NUMBER namespace we just make things more difficult for downstream users that want to be compatible with both OpenSSL and LibreSSL. E.g., to check for a feature that was added in OpenSSL 1.2 but isn't present in LibreSSL, that code now needs to be #if OPENSSL_VERSION_NUMBER >= 1.2 && !defined(LIBRESSL_VERSION_NUMBER) rather than simply #if OPENSSL_VERSION_NUMBER >= 1.2 Breaking the latter just seems like making it more difficult to get people to port their software from OpenSSL to LibreSSL.
