On Monday 22 October 2018 19:05:44 Alexander Bluhm wrote: > On Tue, Oct 23, 2018 at 03:21:23AM +1100, Joel Sing wrote: > > P.S. There is more functionality that could be enabled for LibreSSL, which > > is currently being explicitly disabled... > > When a new Net::SSLeay is released, I disable things that are not > supported by current LibreSSL. But how can I be informed when > something is later added to LibreSSL? And to which version is it > added?
Ideally (but not always possible/easy) it should be based on functional tests, so that features are enabled as/when symbols become available. Failing that, the next best option would be the LibreSSL release notes. > > ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \ > > ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= > > 0x2070000fL) > This does not work for older versions of LibreSSL. Our > OPENSSL_VERSION_NUMBER is 0x20000000L, so it is always true. Yup, I've messed this up (both in this diff and the others). > In other places we use this idiom > > #if (OPENSSL_VERSION_NUMBER >= 0x10100000L && > !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= > 0x2070000fL) That works, but seems a little backwards, since you're potentially still evaluating LIBRESSL_VERSION_NUMBER even when it is not defined. I think the following would be preferable (and I'll check what we've used elsewhere more carefully): #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2070000fL)