v2.2.26.0 released
Aki Tuomi
aki.tuomi at dovecot.fi
Wed Nov 2 18:06:27 UTC 2016
On 02.11.2016 19:54, Stuart Henderson wrote:
> On 2016-11-02, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>> If the standard way works, I am happy to include the original patch I
>> sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER.
>> If they keep this promise, then we should have no worries about things
>> breaking up.
> Diff below is what I've added to OpenBSD ports.
>
> The libressl API is not cast in stone, there's a possibility some
> functions from newer OpenSSL might be added - in fact we already have
> some like TLS_method. 0x20000000L was specifically chosen to not
> match up with anything OpenSSL had used because they aren't directly
> comparable.
>
> In general I think the best approach would be for feature checks, e.g.
> in autoconf. (I wish there was some common m4 file shared between
> projects that people could use for this..) In the absence of this,
> it seems a better idea to check at the places where #ifdefs are done
> rather than override OPENSSL_VERSION_NUMBER locally.
>
> I don't think carrying patches like this separately is all that good an
> idea - people may well compile things on their own and not know about
> the problem. If the build fails that's not so bad, but the silent
> miscompile we see here is pretty nasty.
>
>
>
Thank you for the patch.
My personal opinion is that it is also bit nasty to pretend to support
some API/ABI but provide false version numbers.
https://wiki.openssl.org/index.php/1.1_API_Changes, this is what OpenSSL
recommends to use for handling backwards compability with older
versions. As you can see, it uses < test. Now you are claiming to be
v2.0.0, which means that there is no reasonable way to use
OPENSSL_VERSION to determine whether some particular feature is there or
not.
Yes, we could test each function separately, but that would kinda beat
the point of having a VERSION header in the first place, and also adds
up for the ifdef hell by forcing us to check for each and every openssl
function that has changed since 1.0.0 and use that particular ifdef.
It would've been, again in my opinion, to keep the VERSION in libressl
to match with the API you are providing instead of choosing some
abstract value that can will mess up with everyone's code. If you add
features to your API from OpenSSL, you can update the version number to
match with the API you provide.
Just my 0.02€.
Aki
More information about the dovecot
mailing list