Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix build with LibreSSL 2.7 #1153

Closed
wants to merge 1 commit into from
Closed

Fix build with LibreSSL 2.7 #1153

wants to merge 1 commit into from

Conversation

Sp1l
Copy link
Contributor

@Sp1l Sp1l commented Mar 25, 2018

LibreSSL 2.7 added a large part of the OpenSSL 1.1 API.

  • Rename LIBRESSL_IN_USE to LIBRESSL_1_0_API (LibreSSL with
    OpenSSL 1.0 API)
  • Add LIBRESSL_1_1_API for ifdef blocks where the 1.1 API in
    LibreSSL is incomplete
  • Use OPENSSL_NO_PSK to detect missing PSK feature (not LibreSSL
    specific)

Signed-off-by: Bernard Spil brnrd@FreeBSD.org

LibreSSL 2.7 added a large part of the OpenSSL 1.1 API.
 - Rename LIBRESSL_IN_USE to LIBRESSL_1_0_API (LibreSSL with
   OpenSSL 1.0 API)
 - Add LIBRESSL_1_1_API for ifdef blocks where the 1.1 API in
   LibreSSL is incomplete
 - Use OPENSSL_NO_PSK to detect missing PSK feature (not LibreSSL
   specific)

Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>

#if !LIBRESSL_IN_USE
#if OPENSSL_NO_PSK
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be #ifndef OPENSSL_NO_PSK

@tatsuhiro-t
Copy link
Member

Thank you for PR.

I have no hard feelings toward LibreSSL, but supporting OpenSSL, LibreSSL, and boringSSL with slightly different/added/missing APIs is pretty much hard for me. It is certainly not impossible, but.

Perhaps, the following criteria would make our lives easier:
For boringSSL, because it does not have proper release, we only care about its HEAD.
For OpenSSL, because it is our primary TLS stack, we support for its release versions.
For LibreSSL, it would be easier for us to just support its latest release.

@tatsuhiro-t
Copy link
Member

Another option is check availability of every OpenSSL API functions rather than checking library versions. It forces me to tackle with cmake which I don't know much about.

@tatsuhiro-t
Copy link
Member

I did this differently in #1162. I explicitly defined LIBRESSL_2_7_API instead. This would be better because when libressl 2.8 comes out and it implements another set of OpenSSL 1.1 API, then we have to change LIBRESSL_1_1_API definition and add more ifdefs to exclude libressl 2.7.

@tatsuhiro-t
Copy link
Member

#1162 fixed libressl 2.7 issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants