Inverted OPENSSL_API_COMPAT test in <openssl/macros.h> regarding to --api= version set #17930
Labels
resolved: answered
The issue contained a question which has been answered
triaged: question
The issue contains a question
I have hard time figuring how to use
--api=x.y.z
regardingOPENSSL_API_COMPAT
define.Say I have
#define OPENSSL_API_COMPAT 0x010101000L
in one file and want to compile it against OpenSSL 3.0.1 configured with--api=1.1.0
, I would have expectedOPENSSL_API_COMPAT
to ask for API 1.1.1 to be available, and--api=1.1.0
to ask for APIs 1.1.0, 1.1.1, and 3.0 to be built in OpenSSL.But this doesn't work as I expected:
--api=3.0
and preprocess code asking for 1.1.1 compatibility:--api=1.1.1
and preprocess code asking for 1.1.1 compatibility:--api=1.1.0
and preprocess code asking for 1.1.1 compatibility:It makes no sense to me that building OpenSSL with
--api=3.0
provides 1.1.1OPENSSL_API_COMPAT
, while OpenSSL configured with--api=1.1.0
doesn't provide 1.1.1OPENSSL_API_COMPAT
, as--api
should set the oldest API supported.In
openssl/include/openssl/macros.h
Line 138 in 1bf649b
I believe the test should be inverted
Especially as requesting higher
OPENSSL_API_COMPAT
is preventedopenssl/include/openssl/macros.h
Line 145 in 1bf649b
Issue reported on openssl-users@openssl.org, see https://mta.openssl.org/pipermail/openssl-users/2022-March/014960.html
The text was updated successfully, but these errors were encountered: