[PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-06-14 Thread Christopher Faulet
From f8d90c49944a64b153091a6f524dd22db26b8c80 Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Thu, 8 Jun 2017 22:18:52 +0200
Subject: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

For openssl 1.0.2, SSLv3_server_meth

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-06-14 Thread Willy Tarreau
On Wed, Jun 14, 2017 at 03:11:28PM +0200, Christopher Faulet wrote:
> Hi,
>
> HAProxy compilation fails if OpenSSL 1.0.2 is compiled without the support
> of SSLv3 methods (SSL3_server_method and SSL3_client_method). The manpage
> SSL_CTX_new(3) specifies that these functions are available if
> OP

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-06-14 Thread Emmanuel Hocdet
> On 14 June 2017 at 16:43, Willy Tarreau wrote:
>
> On Wed, Jun 14, 2017 at 03:11:28PM +0200, Christopher Faulet wrote:
>> Hi,
>>
>> HAProxy compilation fails if OpenSSL 1.0.2 is compiled without the support
>> of SSLv3 methods (SSL3_server_method and SSL3_client_method). The manpage
>> SSL_

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-06-15 Thread Emmanuel Hocdet
> On 14 June 2017 at 18:09, Emmanuel Hocdet wrote:
>
>
>> On 14 June 2017 at 16:43, Willy Tarreau wrote:
>>
>> On Wed, Jun 14, 2017 at 03:11:28PM +0200, Christopher Faulet wrote:
>>> Hi,
>>>
>>> HAProxy compilation fails if OpenSSL 1.0.2 is compiled without the support
>>> of SSLv3 metho

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-06-15 Thread Willy Tarreau
Hi Manu,

On Thu, Jun 15, 2017 at 02:17:01PM +0200, Emmanuel Hocdet wrote:
> The mistake is from commit 5db33cbd "MEDIUM: ssl: ssl_methods implementation is
> reworked and factored for min/max tlsxx". I lost the correct #define when I reworked my
> initial patches. This patch will fix that (f

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-06-15 Thread Emmanuel Hocdet
> On 15 June 2017 at 14:37, Willy Tarreau wrote:
>
> Hi Manu,
>
> On Thu, Jun 15, 2017 at 02:17:01PM +0200, Emmanuel Hocdet wrote:
>> The mistake is from commit 5db33cbd "MEDIUM: ssl: ssl_methods implementation is
>> reworked and factored for min/max tlsxx". I lost the correct #define wh

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-06-15 Thread Emmanuel Hocdet
> On 15 June 2017 at 16:18, Emmanuel Hocdet wrote:
>
>
>> On 15 June 2017 at 14:37, Willy Tarreau <w...@1wt.eu> wrote:
>>
>> Hi Manu,
>>
>> On Thu, Jun 15, 2017 at 02:17:01PM +0200, Emmanuel Hocdet wrote:
>>> The mistake is from commit 5db33cbd "MEDIUM: ssl: ssl_methods
>>> im

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-12 Thread Emmanuel Hocdet
Hi Willy,

I would like you to consider these patches because Christopher’s patch is false and doesn’t support other ssl libs and openssl >= 1.1.0. I sent my original patch with more comments and another with a little cleanup:

++
Manu

0001-BUG-MINOR-ssl-remove-haproxy-SSLv3-support-when-ssl-.pat

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-12 Thread Willy Tarreau
Hi Manu!

Please don't forget to CC Emeric and keep in mind that I still don't understand anything about openssl, so for me it's always a huge pain each time to try to have an opinion on openssl related changes.

On Wed, Jul 12, 2017 at 02:54:16PM +0200, Emmanuel Hocdet wrote:
>
> Hi Willy,
>
> I

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-12 Thread Emeric Brun
Hi Manu,

On 07/12/2017 03:23 PM, Willy Tarreau wrote:
> Hi Manu!
>
> Please don't forget to CC Emeric and keep in mind that I still don't
> understand anything about openssl, so for me it's always a huge pain
> each time to try to have an opinion on openssl related changes.
>
> On Wed, Jul 12, 2

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-12 Thread Emmanuel Hocdet
> On 12 July 2017 at 15:23, Willy Tarreau wrote:
>
> Hi Manu!
>
> Please don't forget to CC Emeric and keep in mind that I still don't
> understand anything about openssl, so for me it's always a huge pain
> each time to try to have an opinion on openssl related changes.
>

oops indeed

> O

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-12 Thread Willy Tarreau
On Wed, Jul 12, 2017 at 03:54:28PM +0200, Emmanuel Hocdet wrote:
> Yes I'm confident because I worked a lot to abstract tls version/api support with
> older/newer openssl versions. It's what I do with haproxy's methodVersions table
> for ssl-min/max-ver support.
> What I'm missing is OPENSSL_

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-19 Thread Willy Tarreau
Hi guys,

On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote:
> Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should
> be able to compile with this version.

OK so I checked and this patch is OK with 0.9.8zh, 1.0.0t, 1.0.1u and 1.0.2k, so I merged it. However Manu,

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-19 Thread Emmanuel Hocdet
> On 19 July 2017 at 14:54, Willy Tarreau wrote:
>
> Hi guys,
>
> On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote:
>> Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should
>> be able to compile with this version.
>
> OK so I checked and this patch is OK wi

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-19 Thread Emmanuel Hocdet
> On 19 July 2017 at 15:37, Emmanuel Hocdet wrote:
>
>> On 19 July 2017 at 14:54, Willy Tarreau wrote:
>>
>> Hi guys,
>>
>> On Wed, Jul 12, 2017 at 03:36:24PM +0200, Emeric Brun wrote:
>>> Same worries, the openssl 0.9.8 is still maintained in redhat 5 so we should
>>> be able to compile with

Re: [PATCH] BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0

2017-07-19 Thread Willy Tarreau
On Wed, Jul 19, 2017 at 04:15:49PM +0200, Emmanuel Hocdet wrote:
> >>
> >> src/ssl_sock.c: In function 'ssl_sock_load_cert_chain_file':
> >> src/ssl_sock.c:3038:20: error: 'TLSEXT_signature_anonymous' undeclared
> >> (first use in this function)
> >> src/ssl_sock.c:3038:20: note: each undeclared