Am 20.02.20 um 09:38 schrieb Arne Schwabe:
> These checks are probably the result of copying a
> check from the LibreSSL and modifying it to be
> a OpenSSL check. For some arcane reason LibreSSL decided
> that its version number should be a long float (double) rather
> than an integer.
>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
> ---
> src/openvpn/ssl_openssl.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index 21651a3e..bcdfb543 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -231,7 +231,7 @@ tls_version_max(void)
> * We only need to check this for OpenSSL versions that can be
> * upgraded to 1.1.1 without recompile (>= 1.1.0)
> */
> - if (OpenSSL_version_num() >= 0x1010100fL)
> + if (OpenSSL_version_num() >= 0x1010100L)
> {
> return TLS_VER_1_3;
> }
> @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
> crypto_msg(M_FATAL, "Cannot create SSL object");
> }
>
> -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \
> +#if (OPENSSL_VERSION_NUMBER < 0x1010000L) \
> || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <=
> 0x2090000fL)
> STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
> #else
> @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
> printf("%s\n", pair->iana_name);
> }
> }
> -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
> +#if (OPENSSL_VERSION_NUMBER >= 0x1010000L)
> sk_SSL_CIPHER_free(sk);
> #endif
> SSL_free(ssl);
> Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL has has its patch version to be 0f. Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
