ср, 8 мая 2019 г. в 14:50, Willy Tarreau <[email protected]>: > On Wed, May 08, 2019 at 02:06:31PM +0500, ???? ??????? wrote: > > > Ilya, could you please instead change the test like this and test > again : > > > > > > -#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10101000L) > > > +#if defined(USE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x1010100fL) > > > > > > > LibreSSL defines is > > > > #define OPENSSL_VERSION_NUMBER 0x20000000L > > > > it is bigger then any released OpenSSL (yet, for openssl master it is > 3.0.0) > > So this behaviour from them make them complete bastards and will > constantly break each and every program trying to build with it :-( > > This stupidity really makes me want to completely remove support for > libressl. >
I guess the same would be with BoringSSL. It exposes OPENSSL_VERSION_NUMBER and it is not openssl itself. yes, we can add warning. > > I don't know when they forked nor what is the latest version they are > *really* compatible with, but what we should probably do is to change > their marketing version to a real version in the compat.h file to do > something like this : > > #if defined(LIBRESSL_VERSION_NUMBER) > #undef OPENSSL_VERSION_NUMBER > #define OPENSSL_VERSION_NUMBER 0x10something > #endif > > This way we won't have to guard ourselves against these lies each and > every time we add something to deal with some openssl-specific issues > or features. Ideas welcome, of course. If for any reason we can't do > something like the above, we should at least add a big fat warning when > building with it to explicitly mention that it uses fake version numbers > overlapping with openssl versions and may trigger API incompatibility > issues that might result in runtime problems, so that users are warned. > > Willy >
