On Mon, Dec 16, 2019 at 10:00 AM Илья Шипицин <chipits...@gmail.com> wrote:
>
>
>
> пн, 16 дек. 2019 г. в 22:42, Rosen Penev <ros...@gmail.com>:
>>
>> LIBRESSL_VERSION_NUMBER evaluates to 0 under OpenSSL, making the condition
>> always true. Check for the define before checking it.
>>
>> Signed-off-by: Rosen Penev <ros...@gmail.com>
>> ---
>> include/common/openssl-compat.h | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/common/openssl-compat.h
>> b/include/common/openssl-compat.h
>> index 25102fbe3..c5029d133 100644
>> --- a/include/common/openssl-compat.h
>> +++ b/include/common/openssl-compat.h
>> @@ -278,7 +278,7 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey)
>> #define TLSEXT_signature_ecdsa 3
>> #endif
>>
>> -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (LIBRESSL_VERSION_NUMBER <
>> 0x20700000L)
>> +#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL) && (LIBRESSL_VERSION_NUMBER <
>> 0x2070000fL)
>
>
> assuming "&& (LIBRESSL_VERSION_NUMBER < 0x2070000fL)" part ... it is only
> relevant for LibreSSL, right ?
> if so, should we leave just second part and omit first ?
No. As I said previously, undefined macros evaluate to 0. OpenSSL does
not define LIBRESSL_VERSION_NUMBER.
>
>
>>
>> #define X509_getm_notBefore X509_get_notBefore
>> #define X509_getm_notAfter X509_get_notAfter
>> #endif
>> --
>> 2.23.0
>>
>>
