Hi Manu!

Please don't forget to CC Emeric and keep in mind that I still don't
understand anything about openssl, so for me it's always a huge pain
each time to try to have an opinion on openssl related changes.

On Wed, Jul 12, 2017 at 02:54:16PM +0200, Emmanuel Hocdet wrote:
> 
> Hi Willy,
> 
> I would like you to consider these patches because Christopher's patch is false
> and doesn't support other ssl libs and openssl >= 1.1.0.

OK so I guess we need to take it. Are you confident that it doesn't break
older versions ? I'm asking because since we started to add support for
openssl derivatives, we've probably had as many patches to fix build with
them as patches needed to fix the build with openssl due to these patches,
to the point that sometimes I'm wondering why we still make so many efforts
supporting these libs given the amount of incompatibilities they cause :-(

> I sent my original patch with more comments and another with a little cleanup:

This one will definitely break :

Subject: [PATCH 2/2] MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy

Use methodVersions table to display "OpenSSL library supports".
(...)
-       memprintf(&ptr, "%s\nOpenSSL library supports : "
-#if SSL_OP_NO_SSLv3
-                 "SSLv3 "
-#endif
-#if SSL_OP_NO_TLSv1
-                 "TLSv1.0 "
-#endif
-#if SSL_OP_NO_TLSv1_1
-                 "TLSv1.1 "
-#endif
-#if SSL_OP_NO_TLSv1_2
-                 "TLSv1.2 "
-#endif
-#if SSL_OP_NO_TLSv1_3
-                 "TLSv1.3"
-#endif
-              "", ptr);
+       memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
+       for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
+               if (methodVersions[i].option)
+                       memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
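
Review bot: the added loop starting at `for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)` depends on `methodVersions`, `CONF_TLSV_MIN`, `CONF_TLSV_MAX` and a declaration of `i`, none of which appear in the visible lines, so the commit message should say where the table and bounds are defined and which patch of the series introduces them. The removed code decided support at compile time through the `#if SSL_OP_NO_*` guards, while the new test `if (methodVersions[i].option)` is a runtime check on a table field. Please document what a zero `.option` means for each entry, so that the "OpenSSL library supports" line still reflects what the linked library provides on every supported version. As a style point, the `for` body is a multi-line nested `if` and would read more safely with braces around it.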

$ grep -rF methodVersions openssl-1.0.2k/
$ echo $?
1

Thanks,
Willy