Bug #2729
closedRuntime issues with LibreSSL
Description
LibreSSL sets flags for deprecated OpenSSL features to 0x0 making certain comparisons fail:
if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)))
no longer does what is intended. To fix these, wrap the blocks in
#ifndef OPENSSL_NO_SSL2as these are no-op anyway when OpenSSL was built without SSLv2 or SSLv3 support.
Files
Updated by gstrauss over 8 years ago
- Status changed from New to Fixed
- Target version changed from 1.4.x to 1.4.40
Already fixed in master branch. See 1ca52fdc
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/1ca52fdce3b87f7748dd5db6f59d738ed7a9efe1
Updated by brnrd over 8 years ago
Sorry for the noise...
Reporter of the PR at FreeBSD is the author of the fix you have. Will commit the relevant parts to FreeBSD ports after approval of maintainer.
Thanks!
Updated by gstrauss over 8 years ago
No worries.
FYI: slightly off-topic, but https://github.com/openssl/openssl/issues/1036 has a discussion about a specific API change in the upcoming OpenSSL 1.1.0 (currently in pre-release), and I noted that LibreSSL is incorrectly pretending to be OpenSSL 2.0.0 by defining OPENSSL_VERSION_NUMBER 0x20000000L You (or I) might want to ask the LibreSSL developers about that.
Also available in: Atom