Uses symbols not present on OSX (TLSv1_1/2_method)

[avsm]

These cause linking errors for anything using the latest Async_ssl on OSX

Undefined symbols for architecture x86_64:
  "_TLSv1_1_method", referenced from:
      _async_ssl_stub_9_TLSv1_1_method in libasync_ssl_stubs.a(ffi_generated_stubs.o)
     (maybe you meant: _async_ssl_stub_9_TLSv1_1_method)
  "_TLSv1_2_method", referenced from:
      _async_ssl_stub_10_TLSv1_2_method in libasync_ssl_stubs.a(ffi_generated_stubs.o)
     (maybe you meant: _async_ssl_stub_10_TLSv1_2_method)

[trefis]

Hi,

I googled these symbols, and it seems a few people are indeed having that same error (but when using boost, and such) on OS X.
I haven't seen a "proper fix" anywhere though. People seem to imply that their installation was somewhat broken (see Peerunity/Peerunity#148 which links to http://redmine.webtoolkit.eu/boards/2/topics/8863 ). Using macports instead of homebrew to install openssl seems to fix it for them.
Are you in the same situation?

PS: I am not a C++ user, but as far as I know boost has tons of users, I would be surprised if their library was (that obviously) broken, so I tend to believe that a setup problem is the reasonable explanation here.

[avsm]

Using macports instead of homebrew to install openssl seems to fix it for them

This requires the installation of a custom version of OpenSSL. I dont think that's a very good idea to encourage, since the system installation is where all the security updates happen rapidly (ish). I think a configure script that detects the existence of these symbols and otherwise fails (or falls back to some other behaviour) would be better.

Have you considered an Async_ssl based on ocaml-tls btw?

[tari3x]

I'll add a fix to detect the version.

Last time I checked, ocaml-tls had some restrictions on the kinds of certificates it can handle: RSA only, no revocation lists. This probably covers the majority of cases, but it would be sad to keep bumping into occasional exceptions. Also OpenSSL just does the job, so even with equivalent coverage, there just isn't enough motivation to spend effort on switching.

[avsm]

Thanks for adding the version detection. The other features you mention are on the roadmap for OCaml-TLS, but I agree that maintaining OpenSSL bindings for some time is also essential.

[avsm]

Just a ping -- any chance of getting this unbroken on macos? It's causing constraint hell

[tari3x]

I'm looking at it right now actually.

[tari3x]

This is fixed and should make it into the next release. I can probably give you the patch in the meantime if that helps.

[avsm]

@tari3x a point release to async_ssl in OPAM would be great. MacOS X is a primary development platform these days, so we should try to keep Async working well on public releases.