On Sat, Jul 12, 2014 at 00:22, Piotr Sikora wrote:
> Hey Bob,
>
>> It's already fixed, so will be on the next tarball roll
>
> Thanks!
>
> I should have been more clear in my previous email, but would it be possible
> to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)?
> This way LibreSSL would work as a drop-in replacement without applications
> needing to add explicit support for LibreSSL.

Ideas are still bouncing around, but basically OpenSSL fucked up from the start. Instead of defining (e.g.) OPENSSL_HAS_ECDH, new versions which are compiled without it define OPENSSL_NO_ECDH and then your application code checks ifndef OPENSSL_NO_ECDH. But that test also passes on older versions that lack the feature entirely, and then the guarded code won't compile. Testing for ifdef OPENSSL_FEATURE would work with both old libraries that don't know about the feature and new libraries that don't support it. As expected, OpenSSL does the opposite and makes life harder for everyone.
