On Sat, Dec 07, 2024 at 10:28:34PM +0100, Kirill Miazine wrote:
> • Theo Buehler [2024-12-07 22:10]:
> > > to help catching LibreSSL issues, I added two additional OpenBSD build
> > > systems, both with LibreSSL. the difference is DANE, which is breaking the
> > > builds currently. the build without DANE goes well, even with Libre.
> >
> > Yes, libressl has currently no DANE support and if it adds it, that would
> > most likely be in libtls, not in the intrusive way it was done in openssl.
>
> luckily, Exim does not use OpenSSL DANE facilities currently -- DANE arrived
> in Exim before OpenSSL

The DANE code in Exim assumes a rather old version of libressl. We made some structs in libcrypto opaque in the 3.5 release and needed to add some patches to avoid the provided compat implementations that no longer worked at that point. A bit more recently EVP_add_digest() was removed since that hasn't done anything for a very long time (this was added for very old versions of OpenSSL where you had to take action to load SHA-2 digests). The one-line patch in tls-openssl.c was added for the same reason.