Hi Manu,

On 07/12/2017 03:23 PM, Willy Tarreau wrote:
> Hi Manu!
>
> Please don't forget to CC Emeric and keep in mind that I still don't
> understand anything about openssl, so for me it's always a huge pain
> each time to try to have an opinion on openssl related changes.
>
> On Wed, Jul 12, 2017 at 02:54:16PM +0200, Emmanuel Hocdet wrote:
>>
>> Hi Willy,
>>
>> I would like you to consider these patches because Christopher's patch is false
>> and doesn't support other ssl libs and openssl >= 1.1.0.
>
> OK so I guess we need to take it. Are you confident that it doesn't break
> older versions ? I'm asking because since we started to add support for
> openssl derivatives, we've probably had as many patches to fix build with
> them as patches needed to fix the build with openssl due to these patches,
> to the point that sometimes I'm wondering why we still make so many efforts
> supporting these libs given the amount of incompatibilities they cause :-(
>
>> I sent my original patch with more comments and another with a little
>> cleanup:

Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should be able to compile with this version. > This one will definitely break : > > Subject: [PATCH 2/2] MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy > > Use methodVersions table to display "OpenSSL library supports". > (...) > - memprintf(&ptr, "%s\nOpenSSL library supports : " > -#if SSL_OP_NO_SSLv3 > - "SSLv3 " > -#endif > -#if SSL_OP_NO_TLSv1 > - "TLSv1.0 " > -#endif > -#if SSL_OP_NO_TLSv1_1 > - "TLSv1.1 " > -#endif > -#if SSL_OP_NO_TLSv1_2 > - "TLSv1.2 " > -#endif > -#if SSL_OP_NO_TLSv1_3 > - "TLSv1.3" > -#endif > - "", ptr); > + memprintf(&ptr, "%s\nOpenSSL library supports :", ptr); > + for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++) > + if (methodVersions[i].option) > + memprintf(&ptr, "%s %s", ptr, methodVersions[i].name); > > $ grep -rF methodVersions openssl-1.0.2k/ > $ echo $? > 1 > > Thanks, > Willy > R, Emeric
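
Review bot: the added for loop prints a version whenever methodVersions[i].option is non-zero at run time, where the removed lines decided with #if SSL_OP_NO_* at compile time, and nothing in the hunk shows where methodVersions, CONF_TLSV_MIN, CONF_TLSV_MAX or i are defined. Please say in the commit message, or in a comment above the loop, where the table lives and that .option is 0 for every version whose SSL_OP_NO_* flag the library does not provide, so the output stays the same as before on older libraries such as the 0.9.8 build mentioned in this thread. The loop body is an if with a nested memprintf spread over two lines without braces; adding braces around the for body would make the scope explicit.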