On 01/29/2017 04:26 AM, Amos Jeffries wrote: > This is I think all we need to do code-wise to resolve the Bug 4662 > issues with LibreSSL being incompatible with OpenSSL 1.1. > > The libraries cannot both be linked either way. If both --with-* options > are provided LibreSSL currently overrides OpenSSL. I picked that > preference order because AFAICS the LibreSSL has the lower overall > security footprint while providing the same (or better) needed > functionality. > > > NP: If there are no objections I would like to fast-track this and apply > in ~3 days (allowing for today being a sunday) for a slightly late > 4.0.18 beta.
I do not think these changes should be committed. As you probably know from earlier communication, I think we should avoid using both USE_OPENSSL and USE_LIBRESSL in the code if LibreSSL is [treated as] a replacement for OpenSSL. I have suggested several ways to avoid the dangerous and needless repetition of (USE_OPENSSL || USE_LIBRESSL) conditions, and we even seemed to agree on one of those solutions. FWIW, I do not think bug 4662 blocks 4.0.18 beta. Alex. _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev