Am 20.06.18 um 14:40 schrieb Emmanuel Deloget: > Hello Rosen, > > On Wed, Jun 20, 2018 at 7:00 AM Gert Doering <g...@greenie.muc.de> wrote: >> >> Hi, >> >> On Tue, Jun 19, 2018 at 09:46:50PM -0700, Rosen Penev wrote: >>> Signed-off-by: Rosen Penev <ros...@gmail.com> >>> --- >>> src/openvpn/crypto_openssl.c | 9 +++++++++ >>> src/openvpn/ssl_openssl.c | 32 +++++++++++++++++++++++++++++++- >>> src/openvpn/ssl_verify_openssl.c | 1 + >>> 3 files changed, 41 insertions(+), 1 deletion(-) > > Can you give a better explanation of the issue ? (I'm sorry, I try to > follow the discussions on the ML, but I'm kind of slow (and busy, > which does not help)).
For function that are different in OpenSSL 1.0 and 1.1 we put them into the compat_openssl.h instead of adding ifdefs in the code. Most time we implement the new function name with the old API to have only the new API in OpenVPN itself. E.g. SSLeay_version would be implemented via OpenSSL_version And while I am here: > #if OPENSSL_VERSION_NUMBER >= 0x10002000L > /* OpenSSL 1.0.2 and newer can automatically handle ECDH parameter > * loading */ > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > SSL_CTX_set_ecdh_auto(ctx->ctx, 1); > +#endif > return; > #else That ifdef removal needs a bit more explaination (e.g. that function being a dummy with compat layer). Arne ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
