Hi Willy
> Le 24 juil. 2018 à 18:59, Willy Tarreau <w...@1wt.eu> a écrit :
>
> Hi Manu,
>
> On Mon, Jul 23, 2018 at 06:12:34PM +0200, Emmanuel Hocdet wrote:
>> Hi Willy,
>>
>> This patch is necessary to build with current BoringSSL (SSL_SESSION is now
>> opaque).
>> BoringSSL correctly matches OpenSSL 1.1.0 since 3b2ff028 for haproxy needs.
>> The patch revert part of haproxy 019f9b10 (openssl-compat.h).
>> This will not break openssl/libressl compat.
>
> OK, but the chunk here seems to contradict this assertion :
>
>
> @@ -119,13 +114,6 @@ static inline const OCSP_CERTID
> *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *
> }
> #endif
>
> -#endif
> -
> -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) ||
> defined(LIBRESSL_VERSION_NUMBER)
> -/*
> - * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
> - */
> -
> static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
> {
> return ctx->default_passwd_callback;
>
> I'm seeing that libressl will use a different code that is common
> with openssl while you seem to have targetted boringssl only. Maybe
> this part escaped from a larger patch that you used during development ?
>
It’s ok because this function is inserted upper in the patch.
As said, it's only a revert from 019f9b10 patches for openssl-compat.h.
From:
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL /
BoringSSL
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
To:
# Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
++
Manu
