On Tue, Jul 18, 2023 at 10:43:57AM +0200, William Lallemand wrote:
> On Tue, Jul 18, 2023 at 09:11:33AM +0200, Willy Tarreau wrote:
> > I'll let the SSL maintainers check all this, but my sentiment is that in
> > general if there are differences between the libs, it would be better if
> > we have a special define for this one as well. It's easier to write and
> > maintain "#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)"
> > than making it appear sometimes as one of them, sometimes as the other.
> > That's what we had a long time ago and it was a real pain, every single
> > move in any lib would cause breakage somewhere. Being able to reliably
> > identify a library and handle its special cases is much better.
>
> I agree, we could even add a build option OPENSSL_AWSLC=1 like we've
> done with wolfssl, since this is a variant of the OpenSSL API. Then
> every supported feature could be activated with the HAVE_SSL_* defines
> in openssl-compat.h. Discovering the features with libreSSL and
> boringSSL version defines was a real mess, we are probably going to end
> up with a matrix of features supported by different libraries.

Very good point, and I totally agree (with this and the rest of your
proposals).

Willy