On 02/05/2024 13:24, Daniel Gustafsson wrote:
On 2 May 2024, at 11:30, Heikki Linnakangas <hlinn...@iki.fi> wrote:
And I don't see the symbol in a fresh checkout of the portable libressl
repository at https://github.com/libressl/portable.
The portable repo only contains the portable parts, did you pull the libssl
code with ./autogen?
Ah, ok, I did not.
If so you should be able to see it, like below:
:~/dev/tls/libressl $ git clone g...@github.com:libressl/portable.git
:~/dev/tls/libressl $ cd portable/
:~/dev/tls/libressl/portable (master) $ git checkout OPENBSD_7_0
branch 'OPENBSD_7_0' set up to track 'origin/OPENBSD_7_0'.
Switched to a new branch 'OPENBSD_7_0'
:~/dev/tls/libressl/portable (OPENBSD_7_0) $ ./autogen.sh
...
:~/dev/tls/libressl/portable (OPENBSD_7_0) $ cd openbsd/
:~/dev/tls/libressl/portable/openbsd (OPENBSD_7_0) $ git grep
SSL_AD_NO_APPLICATION_PROTOCOL
src/lib/libssl/ssl.h:#define SSL_AD_NO_APPLICATION_PROTOCOL 120
src/lib/libssl/ssl_tlsext.c: *alert = SSL_AD_NO_APPLICATION_PROTOCOL;
This makes targeting 7.0 as the lowest LibreSSL version appealing in my
patchset for removing support for old OpenSSL and LibreSSL versions.
Works for me. Although there's little harm in keeping the "#ifdef
SSL_AD_NO_APPLICATION_PROTOCOL" either, if that's the only thing missing
from 6.9.
--
Heikki Linnakangas
Neon (https://neon.tech)
