[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] libcrypto: fix compilation with LibreSSL


Hi Jakub,

On 01/07/2019 15:46, Jakub Jelen wrote:
> Thank you for the patch.
> 
> I am wondering whether it would be cleaner to have this detection done
> in cmake (see ConfigureChecks.cmake and config.h.cmake) and have the
> code clean of specific references to different implementation of
> openssl API.
> 
> Regards,
> 

Thanks for the quick reply!

Something like defining HAVE_FIPS_MODE in cmake for OpenSSL only when FIPS is
supported and then checking it in libcrypto.h? It can be done, not sure which
way is better.

I'll make a patch v2, so you could decide.

Yet I see nothing wrong with *SSL_VERSION_NUMBER ifdefs in the code when they
are justified.

References to different OpenSSL versions already exist in libssh (grep it
for OPENSSL_VERSION_NUMBER). As far as I know ifdefs with
LIBRESSL_VERSIONS_NUMBER and OPENSSL_VERSION_NUMBER is a very common
way of supporting different OpenSSL/LibreSSL API versions in many projects.
For example:
https://github.com/OpenVPN/openvpn/commit/a47508606be2c6359d4b27c3b65b72dfe4786222
https://github.com/curl/curl/commit/7c90c93c0b061da81f69fabdd57125b2783c15fb
https://w1.fi/cgit/hostap/commit/?id=f665c93e1d28fbab3d9127a8c3985cc32940824f
etc, lots of them.

--
Stefan

References:
[PATCH] libcrypto: fix compilation with LibreSSLStefan Strogin <steils@xxxxxxxxxx>
Re: [PATCH] libcrypto: fix compilation with LibreSSLJakub Jelen <jjelen@xxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org