[Dovecot] 2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3
Hi,
Compile fails in these two files src/lib-ssl-iostream/iostream-openssl-context.c src/login-common/ssl-proxy-openssl.c due to missing SSL_OP_SINGLE_ECDH_USE
In these there is only #if !defined(OPENSSL_NO_ECDH) when all the other places it always compares also SSL version #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
Tomppa
On 7.8.2013, at 15.00, Tomi Vainio <Tomi.Vainio@Oracle.COM> wrote:
Compile fails in these two files src/lib-ssl-iostream/iostream-openssl-context.c src/login-common/ssl-proxy-openssl.c due to missing SSL_OP_SINGLE_ECDH_USE
I did some further cleanups, this should help: http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471
On 7.8.2013 18.01, Timo Sirainen wrote:
On 7.8.2013, at 15.00, Tomi Vainio <Tomi.Vainio@Oracle.COM> wrote:
Compile fails in these two files src/lib-ssl-iostream/iostream-openssl-context.c src/login-common/ssl-proxy-openssl.c due to missing SSL_OP_SINGLE_ECDH_USE
I did some further cleanups, this should help: http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471
Thanks, works fine.
Solaris 10 has version which is quite old base line
% openssl version OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-7250 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-2409 CVE-2009-3555 CVE-2010-4180 CVE-2011-4576 CVE-2011-4619 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2013-0166 CVE-2013-0169)
Tomppa
On Wed, 2013-08-07 at 15:00 +0300, Tomi Vainio wrote:
Compile fails in these two files src/lib-ssl-iostream/iostream-openssl-context.c src/login-common/ssl-proxy-openssl.c due to missing SSL_OP_SINGLE_ECDH_USE
In these there is only #if !defined(OPENSSL_NO_ECDH) when all the other places it always compares also SSL version #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
SSL_OP_SINGLE_ECDH_USE has been defined in OpenSSL's ssl/ssl.h since draft ECC support was first committed on 9 Aug 2002[1]. OpenSSL's CHANGES file states that draft ECC support was added between openssl-0.9.7 and openssl-0.9.8. OpenSSL has also been defining OPENSSL_NO_ECDH in the build script since 30 Jan 2009[2]. All releases in the openssl-0.9.8 series and higher should therefore have both SSL_OP_SINGLE_ECDH_USE and OPENSSL_NO_ECDH defined.
Would I be correct to assume that Solaris 10 is bundling OpenSSL <=0.9.7?
[1] http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/ssl.h;h=49e3c52c9c...
[2] http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=util/mk1mf.pl;h=5f...
participants (3)
-
David Hicks
-
Timo Sirainen
-
Tomi Vainio