Hi Manu, > On 21 Jan 2019, at 09:49, Emmanuel Hocdet <m...@gandi.net> wrote: > > Boringssl does not have SSL_OP_NO_RENEGOTIATION and need KeyUpdate to work. > As workaround, SSL_OP_NO_RENEGOTIATION could be set to 0 in openssl-compat.h.
Hmm, then we will need a different #define though since we can’t rely own the constant not being defined in that case to disable the logic. We would need a separate way to detect this then. Is there a good example of this or should I change the logic then to version checks instead? And how about LibreSSL in that case? Does BoringSSL need any of the logic in the first place? There’s not really versions of it, so is the target there always current master or something else? Cheers, Dirkjan
