Hi Jakub,

On 01/07/2019 15:46, Jakub Jelen wrote:
> Thank you for the patch.
>
> I am wondering whether it would be cleaner to have this detection done
> in cmake (see ConfigureChecks.cmake and config.h.cmake) and have the
> code clean of specific references to different implementation of
> openssl API.
>
> Regards,
>
Thanks for the quick reply!

Something like defining HAVE_FIPS_MODE in cmake for OpenSSL only when FIPS is supported and then checking it in libcrypto.h? It can be done, not sure which way is better. I'll make a patch v2, so you can decide.

Yet I see nothing wrong with *SSL_VERSION_NUMBER ifdefs in the code when they are justified. References to different OpenSSL versions already exist in libssh (grep it for OPENSSL_VERSION_NUMBER).

As far as I know, ifdefs with LIBRESSL_VERSION_NUMBER and OPENSSL_VERSION_NUMBER are a very common way of supporting different OpenSSL/LibreSSL API versions in many projects. For example:

https://github.com/OpenVPN/openvpn/commit/a47508606be2c6359d4b27c3b65b72dfe4786222
https://github.com/curl/curl/commit/7c90c93c0b061da81f69fabdd57125b2783c15fb
https://w1.fi/cgit/hostap/commit/?id=f665c93e1d28fbab3d9127a8c3985cc32940824f

etc, lots of them.

--
Stefan
