security/libressl not API-compatible with OpenSSL, breaks www/apache24
Peter Jeremy
peter at rulingia.com
Sat Jun 24 09:28:13 UTC 2017
In <openssl/opensslv.h>, libressl-2.5.4 specifies
#define OPENSSL_VERSION_NUMBER 0x20000000L
but doesn't provide an API compatible with OpenSSL. In particular,
it's missing (at least) SSL_CTX_set_max_proto_version() and
SSL_CTX_set_min_proto_version(), which were added in OpenSSL 1.1.0.
This breaks (at least) apache-2.4 which includes the code:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
#endif
Does anyone have a suggestion, other than switching from LibreSSL back to
OpenSSL?
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20170624/effdba69/attachment.sig>
More information about the freebsd-ports
mailing list