Am Dienstag, den 21.11.2017, 00:07 -0600 schrieb Matthew Thode: > Hi, > > It looks like openssl-1.1 support needs to be tweaked a bit to > support > building when openssl does not support depricated features. > > We are tracking the bug here, https://bugs.gentoo.org/604490 and have > an > attached patch here https://bugs.gentoo.org/attachment.cgi?id=498698 > > The patch looks straight forward to my untrained eyes, but I'd like > an > ack on it or to possibly get the patch committed. (if just an ack > I'd > start carrrying it in our tree). >
The patch seems to have a bug. IMO, it should be
if (ssl_options)
SSL_CTX_set_options (ssl_ctx, ssl_options);
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >=
0x10100000L)
+ if (ssl_proto_version)
+ SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version);
+#endif
+
Because you only declare 'ssl_proto_version' only under the above
conditions. Which means, the patch won't compile on older versions of
Openssl.
But please have a look and let me know if my assumption is right. The
commit can be found in branch 'openssl-1.1'.
With Best Regards, Tim
>
signature.asc
Description: This is a digitally signed message part
