[PATCH] SSL: let it build against LibreSSL

Maxim Dounin mdounin at mdounin.ru
Wed Jul 30 00:55:53 UTC 2014


On Tue, Jul 29, 2014 at 04:20:20PM -0700, Piotr Sikora wrote:

> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1406575677 25200
> #      Mon Jul 28 12:27:57 2014 -0700
> # Node ID c1abbfee85b3185c28a279c7935d0bb871933ed8
> # Parent  e3086fd5e59335f4f3f165ee74c094a7aca2aeb3
> SSL: let it build against LibreSSL.
> LibreSSL developers decided that LibreSSL is OpenSSL-2.0.0, so tests
> for OpenSSL-1.0.2+ are now passing, even though the library doesn't
> provide functions that are expected from that version of OpenSSL.

As previously suggested, this doesn't looks like a right way to 
go.  If LibreSSL folks continue to insist this is OpenSSL-2.0.0, 
then we'll probably have redefine OPENSSL_VERSION_NUMBER 

> The #ifndefs around SSL_CTX_set_tmp_rsa_callback() aren't strictly
> necessary, but support for the export cipher suites has been removed
> from LibreSSL, so they clearly mark the unsupported feature.

Same as for BoringSSL patch - I don't think we should add #if's 

Maxim Dounin

More information about the nginx-devel mailing list