Hello, I recently tried to rebuild a complete gentoo system with libressl, if you haven't seen, I've blogged about it: https://blog.hboeck.de/archives/851-LibreSSL-on-Gentoo.html
One of the issues that popped up was in dovecot. Compilation failed due to missing constants of the compression functions. What dovecot's confiugre script does is that it checks for the existence SSL_get_current_compression() and if its available it assumes that compression is available. Libressl contains a stub function of SSL_get_current_compression() so this check returns true. The interesting thing is: This check probably also doesn't work with openssl, because when disabling compression openssl also leaves a stub function just returning NULL. I'd like to ask about opinions here: Should these stub functions be removed completely? This will probably break some more apps and bears down to the question how much api breakage libressl is willing to accept. However, in the case of egd it was decided against having such stub functions around. Patch to remove compression related stub functions attached. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42
diff -Naur libressl-2.0.1/include/openssl/ssl.h libressl-2.0.1-1/include/openssl/ssl.h
--- libressl-2.0.1/include/openssl/ssl.h 2014-07-13 12:51:17.000000000 +0200
+++ libressl-2.0.1-1/include/openssl/ssl.h 2014-07-14 14:46:05.737556271 +0200
@@ -1772,13 +1772,6 @@
void SSL_set_tmp_ecdh_callback(SSL *ssl,
EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, void *cm);
-
/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
diff -Naur libressl-2.0.1/ssl/ssl_ciph.c libressl-2.0.1-1/ssl/ssl_ciph.c
--- libressl-2.0.1/ssl/ssl_ciph.c 2014-07-13 12:51:17.000000000 +0200
+++ libressl-2.0.1-1/ssl/ssl_ciph.c 2014-07-14 14:44:57.725406540 +0200
@@ -1777,20 +1777,3 @@
return c->id;
}
-void *
-SSL_COMP_get_compression_methods(void)
-{
- return NULL;
-}
-
-int
-SSL_COMP_add_compression_method(int id, void *cm)
-{
- return 1;
-}
-
-const char *
-SSL_COMP_get_name(const void *comp)
-{
- return NULL;
-}
diff -Naur libressl-2.0.1/ssl/ssl_lib.c libressl-2.0.1-1/ssl/ssl_lib.c
--- libressl-2.0.1/ssl/ssl_lib.c 2014-07-13 12:51:17.000000000 +0200
+++ libressl-2.0.1-1/ssl/ssl_lib.c 2014-07-14 14:46:05.692556834 +0200
@@ -2616,17 +2616,6 @@
return (s->session->cipher);
return (NULL);
}
-const void *
-SSL_get_current_compression(SSL *s)
-{
- return (NULL);
-}
-
-const void *
-SSL_get_current_expansion(SSL *s)
-{
- return (NULL);
-}
int
ssl_init_wbio_buffer(SSL *s, int push)
signature.asc
Description: PGP signature
