On 15/04/17 11:16, Gert Doering wrote: > Hi, > > On Thu, Apr 13, 2017 at 07:26:09PM +0200, David Sommerseth wrote: >> +/* Strip out some of the version information we don't care about */ >> +#define OSSLVER OPENSSL_VERSION_NUMBER >> 12 >> +#if OSSLVER < 0x10001 >> +#error OpneSSL too old >> +#endif > > While this works (except for the typo) - why not just do full-length math, > as in > > #if OPENSSL_VERSION_NUMBER < 0x10001000L > #error OpneSSL too old > #endif > > (note the L prefix, as in the opensslv.h #define)
Basically it was just to make the matching more similar to the matching we do with pkg-config, which does not care for the letter in the version. The OPENSSL_VERSION_NUMBER is also fairly complex, and also provides "flags" if it is a beta releases or final releases too. So by stripping out the LSB 12 bits, the whole check gets a bit more "understandable" without having to understand the whole version formatting. What is also a bit confusing to me, is that they version spec they have documented, says the last nibble (4 bits) is the status flag (dev, beta or release). While it seems to be encoded as a byte. So the shift operation considers 4 bits and not 8 bits. The next 8 next bits is the "letter" in version string. Hence the shift is 12 bits. So reviewing this now, this 12 bit shift may actually fail on big endian machines. It would probably be better to do a full 16 bit shift. But if we don't want to reduce the match set to only version numbers, I'm fine with skipping the shifts all together. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
