Could you give your opinion on my patches and commit them if they're fine?

On 17-02-15 15:46:23, Piotr Kubaj wrote:
> Thanks for the feedback. Could you keep me in CC? I'm not subscribed to the
> list.
>
> > I don't understand much, your e-mail talks about openssl and you're changing
> > a line affecting boringssl. You need to provide a bit of description about
> > what your patch does and tries to solve, that we'll use as the commit
> > message.
>
> Those lines affect BoringSSL and any OpenSSL-like library with
> OPENSSL_VERSION_NUMBER >= 0x1010000fL. LibreSSL has OPENSSL_VERSION_NUMBER >=
> 0x1010000fL but version 2.5.1 actually has SSL_CTX_set_ecdh_auto(), so it
> needs to be excluded from the check.
>
> > Here this 128 looks a bit magic and will very likely break sooner or
> > later, so if this is an internal value used by libressl, it's better
> > to mention it next to it.
>
> > Same here.
>
> It's taken from
> https://git.openssl.org/?p=openssl.git;a=blob;f=include/openssl/ssl.h;h=f2b6198972736676c39de3799d0901f9ccd467ae;hb=refs/heads/master
> Haproxy uses macros defined in OpenSSL, but not defined in LibreSSL (although
> the functions themselves work). This patch defines those values.
>
> > Be careful not to introduce useless space changes in your patch like this.
>
> Corrected in the new patch (attached).
>
> --
> What scoundrel stole the cork from my lunch?
>   -- J. D. Farley

> --- src/ssl_sock.c.orig 2017-02-08 18:08:38 UTC > +++ src/ssl_sock.c > @@ -829,10 +829,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *c > ocsp = NULL; > > #ifndef SSL_CTX_get_tlsext_status_cb > -# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ > - *cb = (void (*) (void))ctx->tlsext_status_cb; > +#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB > +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 > #endif > - SSL_CTX_get_tlsext_status_cb(ctx, &callback); > +#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ > + *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void > (**)(void))cb) > +#endif > + SSL_CTX_get_tlsext_status_cb(ctx, &callback); > > if (!callback) { > struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg)); > @@ -858,10 +861,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *c > int key_type; > EVP_PKEY *pkey; > > -#ifdef SSL_CTX_get_tlsext_status_arg > - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, > &cb_arg); > +#if defined(SSL_CTX_get_tlsext_status_arg) || (LIBRESSL_VERSION_NUMBER >= > 0x2050100fL) > +#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG > +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 > +#endif > + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, > &cb_arg); > #else > cb_arg = ctx->tlsext_status_arg; > #endif -- _______________________________________ / The plot was designed in a light vein \ | that somehow became varicose. | | | \ -- David Lardner / --------------------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || ||
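
Review bot: In the first hunk (@@ -829), the replacement SSL_CTX_get_tlsext_status_cb macro assigns the return value of SSL_CTX_ctrl() to *cb while also passing cb as the output argument. SSL_CTX_ctrl() returns a long status, so the assignment overwrites whatever the ctrl call stored through cb with an integer converted to a function pointer, and the "if (!callback)" test that follows then checks that status instead of the registered callback. Suggest dropping the "*cb =" so the macro expands to the SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, ...) call alone, and putting a comment next to "#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128" stating that the value is copied from OpenSSL's include/openssl/ssl.h, as requested earlier in the thread.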
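
Review bot: In the second hunk (@@ -858), the new #if compares LIBRESSL_VERSION_NUMBER without first testing that it is defined. On a build against a library that does not define it, the preprocessor evaluates the name as 0, which happens to give the right branch but warns under -Wundef and hides the intent; suggest "#if defined(SSL_CTX_get_tlsext_status_arg) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2050100fL)". The fallback "#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129" should also carry a comment naming the OpenSSL header it was taken from, so the constant does not read as a magic number.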