[Dovecot] 2.2.5 fails to compile - SSL_OP_SINGLE_ECDH_USE : Solaris 10 + Sunstudio 12.3

David Hicks david at hicks.id.au
Wed Aug 7 19:06:39 EEST 2013


On Wed, 2013-08-07 at 15:00 +0300, Tomi Vainio wrote:
> Compile fails in these two files
> src/lib-ssl-iostream/iostream-openssl-context.c
> src/login-common/ssl-proxy-openssl.c
> due to missing SSL_OP_SINGLE_ECDH_USE
> 
> In these there is only
> #if !defined(OPENSSL_NO_ECDH)
> when all the other places it always compares also SSL version
> #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L

SSL_OP_SINGLE_ECDH_USE has been defined in OpenSSL's ssl/ssl.h since
draft ECC support was first committed on 9 Aug 2002[1]. OpenSSL's
CHANGES file states that draft ECC support was added between
openssl-0.9.7 and openssl-0.9.8. OpenSSL has also been defining
OPENSSL_NO_ECDH in the build script since 30 Jan 2009[2]. All releases
in the openssl-0.9.8 series and higher should therefore have both
SSL_OP_SINGLE_ECDH_USE and OPENSSL_NO_ECDH defined.

Would I be correct to assume that Solaris 10 is bundling OpenSSL
<=0.9.7?

[1]
http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/ssl.h;h=49e3c52c9c4982ccec5e280cd3577d1b783f016c;hb=ea262260469e49149cb10b25a87dfd6ad3fbb4ba#l480

[2]
http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=util/mk1mf.pl;h=5f3ab059f0cccd058a89e9036a740c046d813ba8;hp=8c6370bc5dcbb470550d520b834148a027a7d3bc;hb=0b13e9f055d3f7be066dc2e89fc9f9822b12eca7;hpb=96f7065f6392e19f1449578aaeabb8dc39294fa7

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130808/0bf00fd5/attachment.bin>


More information about the dovecot mailing list