Could you give your opinion on my patches and commit them if they're fine?

On 17-02-15 15:46:23, Piotr Kubaj wrote:
> Thanks for the feedback. Could you keep me in CC? I'm not subscribed to the
> list.
>
> > I don't understand much, your e-mail talks about openssl and you're changing
> > a line affecting boringssl. You need to provide a bit of description about
> > what your patch does and tries to solve, that we'll use as the commit
> > message.
>
> Those lines affect BoringSSL and any OpenSSL-like library with
> OPENSSL_VERSION_NUMBER >= 0x1010000fL. LibreSSL has OPENSSL_VERSION_NUMBER >=
> 0x1010000fL but version 2.5.1 actually has SSL_CTX_set_ecdh_auto(), so it
> needs to be excluded from the check.
>
> > Here this 128 looks a bit magic and will very likely break sooner or
> > later, so if this is an internal value used by libressl, it's better
> > to mention it next to it.
>
> > Same here.
>
> It's taken from
> https://git.openssl.org/?p=openssl.git;a=blob;f=include/openssl/ssl.h;h=f2b6198972736676c39de3799d0901f9ccd467ae;hb=refs/heads/master
> Haproxy uses macros defined in OpenSSL, but not defined in LibreSSL (although
> the functions themselves work). This patch defines those values.
>
> > Be careful not to introduce useless space changes in your patch like this.
>
> Corrected in the new patch (attached).
>
> --
> _______________________________________
> / What scoundrel stole the cork from my \
> | lunch? |
> | |
> \ -- J. D. Farley /
> ---------------------------------------
> \ ^__^
> \ (oo)\_______
> (__)\ )\/\
> ||----w |
> || ||

> --- src/ssl_sock.c.orig 2017-02-08 18:08:38 UTC
> +++ src/ssl_sock.c
> @@ -829,10 +829,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
> ocsp = NULL;
>
> #ifndef SSL_CTX_get_tlsext_status_cb
> -# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
> - *cb = (void (*) (void))ctx->tlsext_status_cb;
> +#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
> +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
> #endif
> - SSL_CTX_get_tlsext_status_cb(ctx, &callback);
> +#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
> + *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void
> (**)(void))cb)
> +#endif
> + SSL_CTX_get_tlsext_status_cb(ctx, &callback);
>
> if (!callback) {
> struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
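
Review bot: In the new SSL_CTX_get_tlsext_status_cb macro, `*cb = SSL_CTX_ctrl(...)` assigns the long return value of SSL_CTX_ctrl() to the same function pointer that is passed as the output argument, so whatever the ctrl stored through cb is overwritten by the status code and the following `if (!callback)` test no longer looks at the real callback. Drop the `*cb =` and let the ctrl fill cb through the pointer argument. The fallback value 128 also needs a comment next to it saying it is the value from OpenSSL's ssl.h that LibreSSL does not define, as was asked earlier in the thread.
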
> @@ -858,10 +861,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
> int key_type;
> EVP_PKEY *pkey;
>
> -#ifdef SSL_CTX_get_tlsext_status_arg
> - SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0,
> &cb_arg);
> +#if defined(SSL_CTX_get_tlsext_status_arg) || (LIBRESSL_VERSION_NUMBER >=
> 0x2050100fL)
> +#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
> +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
> +#endif
> + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0,
> &cb_arg);
> #else
> cb_arg = ctx->tlsext_status_arg;
> #endif
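
Review bot: The `#if` condition in this hunk compares `LIBRESSL_VERSION_NUMBER >= 0x2050100fL` without first checking that the macro is defined; on non-LibreSSL builds it silently evaluates as 0 and warns under -Wundef. Write it as `defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x2050100fL)`. The fallback 129 needs a comment naming its source, like 128 in the previous hunk, and since the first hunk has no matching version gate, the commit message should say why only the _ARG path depends on the LibreSSL version.
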
--
_______________________________________
/ The plot was designed in a light vein \
| that somehow became varicose. |
| |
\ -- David Lardner /
---------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||

