Date: Sat, 24 Jun 2017 08:34:36 -0600 From: Adam Weinberger <adamw@adamw.org> To: Peter Jeremy <peter@rulingia.com> Cc: freebsd-ports@freebsd.org Subject: Re: security/libressl not API-compatible with OpenSSL, breaks www/apache24 Message-ID: <9EF3C3B9-AB6A-4A1A-8AED-1D674CCECF60@adamw.org> In-Reply-To: <20170624092744.GA69225@server.rulingia.com> References: <20170624092744.GA69225@server.rulingia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 24 Jun, 2017, at 3:27, Peter Jeremy <peter@rulingia.com> wrote: >=20 > In <openssl/opensslv.h>, libressl-2.5.4 specifies > #define OPENSSL_VERSION_NUMBER 0x20000000L > but doesn't provide an API compatible with OpenSSL. In particular, > it's missing (at least) SSL_CTX_set_max_proto_version() and > SSL_CTX_set_min_proto_version(), which were added in OpenSSL 1.1.0. > This breaks (at least) apache-2.4 which includes the code: > #if OPENSSL_VERSION_NUMBER >=3D 0x10100000L > SSL_CTX_set_max_proto_version(ssl_ctx, max_prot); > SSL_CTX_set_min_proto_version(ssl_ctx, min_prot); > #endif >=20 > Does anyone have a suggestion, other than switching from LibreSSL back = to > OpenSSL? >=20 > --=20 > Peter Jeremy Try changing it to #if OPENSSL_VERSION_NUMBER >=3D 0x10100000L && = !defined(LIBRESSL_VERSION_NUMBER) # Adam --=20 Adam Weinberger adamw@adamw.org https://www.adamw.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9EF3C3B9-AB6A-4A1A-8AED-1D674CCECF60>