> On Apr 21, 2017, at 5:16 PM, Bernard Spil <[email protected]> wrote:
>
> Working with patches for Postfix I noticed you use a non-standard way to test
> for OpenSSL version numbers. You're using comparisons to an unsigned int
> constant whereas OPENSSL_VERSION_NUMBER has only ever been defined as an int
> see
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/opensslv.h#L33
> I've not encountered this notation before in code.
>
> Atached patch modifies existing OPENSSL_VERSION_NUMBER checks to regular
> checks.
>
> This is helpful when checking for OPENSSL_VERSION_NUMBER checks when porting
> for LibreSSL or BoringSSL.
The patch is wrong. The value in question is a preprocessor macro
that has a literal integral value. Comparison with unsigned long
constants is fine and future-proofs the code for a hypothetical
future OpenSSL 8-15.x.y.
Postfix is not supported with LibreSSL or BoringSSL.
LibreSSL is increasingly falling behind OpenSSL and irrelevant.
BoringSSL does not provide a stable public interface.
--
Viktor.
