Hi Willy > Le 24 juil. 2018 à 18:59, Willy Tarreau <w...@1wt.eu> a écrit : > > Hi Manu, > > On Mon, Jul 23, 2018 at 06:12:34PM +0200, Emmanuel Hocdet wrote: >> Hi Willy, >> >> This patch is necessary to build with current BoringSSL (SSL_SESSION is now >> opaque). >> BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs. >> The patch revert part of haproxy 019f9b10 (openssl-compat.h). >> This will not break openssl/libressl compat. > > OK, but the chunk here seems to contradict this assertion : > > > @@ -119,13 +114,6 @@ static inline const OCSP_CERTID > *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP * > } > #endif > > -#endif > - > -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || > defined(LIBRESSL_VERSION_NUMBER) > -/* > - * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL > - */ > - > static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) > { > return ctx->default_passwd_callback; > > I'm seeing that libressl will use a different code that is common > with openssl while you seem to have targetted boringssl only. Maybe > this part escaped from a larger patch that you used during development ? >
It’s ok because this function is inserted upper in the patch. As said, it's only a revert from 019f9b10 patches for openssl-compat.h. From: # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL To: # Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL ++ Manu