security/libressl not API-compatible with OpenSSL, breaks www/apache24
Adam Weinberger
adamw at adamw.org
Sat Jun 24 14:34:46 UTC 2017
> On 24 Jun, 2017, at 3:27, Peter Jeremy <peter at rulingia.com> wrote:
>
> In <openssl/opensslv.h>, libressl-2.5.4 specifies
> #define OPENSSL_VERSION_NUMBER 0x20000000L
> but doesn't provide an API compatible with OpenSSL. In particular,
> it's missing (at least) SSL_CTX_set_max_proto_version() and
> SSL_CTX_set_min_proto_version(), which were added in OpenSSL 1.1.0.
> This breaks (at least) apache-2.4 which includes the code:
> #if OPENSSL_VERSION_NUMBER >= 0x10100000L
> SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
> SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
> #endif
>
> Does anyone have a suggestion, other than switching from LibreSSL back to
> OpenSSL?
>
> --
> Peter Jeremy
Try changing it to
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
# Adam
--
Adam Weinberger
adamw at adamw.org
https://www.adamw.org
More information about the freebsd-ports
mailing list