The addition of a new TLS capability (SNI) seems to have left CentOS 5.x out in the cold. C5x comes with (by now a heavily patched) openssl 0.9.8e, which does not support SNI. Quoting from http://stackoverflow.com/questions/7340784/easy-install-pyopenssl-error :
"Support for SNI was introduced in OpenSSL 0.9.8f. Thus, pyOpenSSL 0.13 will build with OpenSSL 0.9.8f or later, but not OpenSSL 0.9.8e or earlier, where the APIs it expects to be wrapping do not exist." The compile fails as per the following. Ignore the ugly includes of srs and srs/src, I do some trickery in my spec file and build these libs into modules and package it all together. gcc -c -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I/usr/include -I/usr/include -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -DSPF -DSRS -fpie -DSPF -I../src -I../../src -I../src/srs/src -I../../src/srs/src -I../../src/srs -std=gnu99 -I. -I/usr/kerberos/include tls.c In file included from tls.c:97: tls-openssl.c: In function 'tls_servername_cb': tls-openssl.c:546: warning: implicit declaration of function 'SSL_get_servername' tls-openssl.c:546: error: 'TLSEXT_NAMETYPE_host_name' undeclared (first use in this function) tls-openssl.c:546: error: (Each undeclared identifier is reported only once tls-openssl.c:546: error: for each function it appears in.) tls-openssl.c:546: warning: initialization makes pointer from integer without a cast tls-openssl.c:552: error: 'SSL_TLSEXT_ERR_OK' undeclared (first use in this function) tls-openssl.c:574: error: 'SSL_TLSEXT_ERR_NOACK' undeclared (first use in this function) tls-openssl.c:584: warning: implicit declaration of function 'SSL_CTX_set_tlsext_servername_callback' tls-openssl.c:585: warning: implicit declaration of function 'SSL_CTX_set_tlsext_servername_arg' tls-openssl.c:605: warning: implicit declaration of function 'SSL_set_SSL_CTX' tls-openssl.c: In function 'tls_client_start': tls-openssl.c:1244: warning: implicit declaration of function 'SSL_set_tlsext_host_name' make[1]: *** [tls.o] Error 1 make[1]: Leaving directory `/home/tlyons/RPM/BUILD/exim-4.80_RC2/build-Linux-x86_64' make: *** [all] Error 2 Do we need to add some detection of openssl version or is this also going to be a backwards incompatible change? ...Todd -- Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live. -- Martin Golding -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##