Am Dienstag, den 21.11.2017, 00:07 -0600 schrieb Matthew Thode: > Hi, > > It looks like openssl-1.1 support needs to be tweaked a bit to > support > building when openssl does not support depricated features. > > We are tracking the bug here, https://bugs.gentoo.org/604490 and have > an > attached patch here https://bugs.gentoo.org/attachment.cgi?id=498698 > > The patch looks straight forward to my untrained eyes, but I'd like > an > ack on it or to possibly get the patch committed. (if just an ack > I'd > start carrrying it in our tree). >
The patch seems to have a bug. IMO, it should be if (ssl_options) SSL_CTX_set_options (ssl_ctx, ssl_options); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (ssl_proto_version) + SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version); +#endif + Because you only declare 'ssl_proto_version' only under the above conditions. Which means, the patch won't compile on older versions of Openssl. But please have a look and let me know if my assumption is right. The commit can be found in branch 'openssl-1.1'. With Best Regards, Tim >
signature.asc
Description: This is a digitally signed message part