If the standard way works, I am happy to include the original patch I
sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER.
If they keep this promise, then we should have no worries about things
breaking up.
Aki
On 02.11.2016 14:24, Michael A. Peters wrote:
Indeed, which is why I use it.
But it also is in the minority which is why I find it acceptable for
FLOSS projects like dovecot to elect to only un-officially support
LibreSSL via a community maintained patch.
One of the reasons why OpenSSL was forked is because they were trying
to support so many platforms that it made the code a real mess. Don't
want the same to happen to another project because of it.
Especially with places like github that make it easy for members of
the community to create and maintain such a patch, it may be the best
option if the project itself doesn't have someone who can officially
maintain LibreSSL support.
On 11/02/2016 05:08 AM, Ruga wrote:
libressl is a leaner and safer openssl
Sent from ProtonMail Mobile
On Wed, Nov 2, 2016 at 12:39 PM, Michael A. Peters
<'mpet...@domblogger.net'> wrote:
IMHO it would be acceptable to have a LibreSSL patch that is maintained
by the people who want it.
It's free software, and that kind of is the point of Open Source.
On 11/02/2016 04:36 AM, Michael A. Peters wrote:
They have stated they are going to remain API compatible with 1.0.1h
(or
g, forget which they forked) - their new stuff is outside of libcrypto.
On 11/02/2016 04:25 AM, Aki Tuomi wrote:
It does work today, I am just bit worried that it will keep on
breaking
with libressl as they evolve their API. I would personally like to
avoid
more ifdef hell if possible...
Aki
On 02.11.2016 13:22, Michael A. Peters wrote:
Standard way to fix it (on the LibreSSL page) is to check for
LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think
catches them all where needed. Note the word think.
It certainly appears to be working anyway with it.
On 11/02/2016 04:07 AM, Aki Tuomi wrote:
After doing some testing by myself, I noticed that libressl, for
some
unknown reason, defines
#define OPENSSL_VERSION_NUMBER 0x20000000L
No idea why they decided to advertise that they are OpenSSL
v2.0.0. A
local fix, if you need one, is to use
#if OPENSSL_VERSION_NUMBER == 0x20000000L
#define OPENSSL_VERSION_NUMBER 0x1000100L
#endif
in dcrypt-openssl.c after includes.
Aki
On 02.11.2016 12:39, Aki Tuomi wrote:
Hi!
Those are used if
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
So (your) libressl is providing this define. We compile our code
using
GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently
officially supported one.
Aki
On 02.11.2016 12:34, Ruga wrote:
dovecot 2.2.26.0 uses the following functions, which are not
available on libressl 2.4.3:
HMAC_CTX_new
HMAC_CTX_free
EVP_PKEY_get0_EC_KEY
EVP_PKEY_get0_RSA
OBJ_length
EVP_MD_CTX_new
EVP_MD_CTX_free
The result of calling a non-existent function is a runtime error,
and we do not want that on production servers.
There are additional problems. I recommend compiling with
clang-llvm
3.9.0
to see them all.
-------- Original Message --------
Subject: Re: v2.2.26.0 released
Local Time: 1 November 2016 7:30 PM
UTC Time: 1 November 2016 18:30
From: aki.tu...@dovecot.fi
To: Dovecot Mailing List <dovecot@dovecot.org>, Ruga
<r...@protonmail.com>
OpenSSL v1.0.1 is enough.
Aki
On November 1, 2016 at 7:46 PM Ruga <r...@protonmail.com> wrote:
Hello,
We cannot upgrade from 2.2.24, because we use libressl and the
newer
dovecot versions demand openssl v1.1.
Please add the new library requirement to the INSTALL file.
All the best.
-------- Original Message --------
Subject: v2.2.26.0 released
Local Time: 28 October 2016 6:51 PM
UTC Time: 28 October 2016 16:51
From: t...@iki.fi
To: dovecot-n...@dovecot.org, Dovecot Mailing List
<dovecot@dovecot.org>
http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.26.0.tar.gz.sig
v2.2.26 had a couple of nasty bugs left in it, so here's a fixup
release. The version number is also a little bit weird, but
had to
be done this way (although 2.2.26.0.1 could have been another
possibility).
- Fixed some compiling issues.
- auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
multiple passdbs.
- auth: Fixed crash when exporting to auth-worker passdb extra
fields
that had empty values.
- dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
>
