пн, 16 дек. 2019 г. в 22:42, Rosen Penev <ros...@gmail.com>: > LIBRESSL_VERSION_NUMBER evaluates to 0 under OpenSSL, making the condition > always true. Check for the define before checking it. > > Signed-off-by: Rosen Penev <ros...@gmail.com> > --- > include/common/openssl-compat.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/common/openssl-compat.h > b/include/common/openssl-compat.h > index 25102fbe3..c5029d133 100644 > --- a/include/common/openssl-compat.h > +++ b/include/common/openssl-compat.h > @@ -278,7 +278,7 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey) > #define TLSEXT_signature_ecdsa 3 > #endif > > -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER < > 0x20700000L) > +#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER > < 0x2070000fL) >
assuming "&& (LIBRESSL_VERSION_NUMBER < 0x2070000fL)" part ... it is only relevant for LibreSSL, right ? if so, should we leave just second part and omit first ? > #define X509_getm_notBefore X509_get_notBefore > #define X509_getm_notAfter X509_get_notAfter > #endif > -- > 2.23.0 > > >