[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Failing to compile without depricated features from opens
|
From: |
Jeffrey Walton |
|
Subject: |
Re: [Bug-wget] Failing to compile without depricated features from openssl |
|
Date: |
Tue, 21 Nov 2017 05:32:16 -0500 |
On Tue, Nov 21, 2017 at 1:07 AM, Matthew Thode
<address@hidden> wrote:
> Hi,
>
> It looks like openssl-1.1 support needs to be tweaked a bit to support
> building when openssl does not support depricated features.
>
> We are tracking the bug here, https://bugs.gentoo.org/604490 and have an
> attached patch here https://bugs.gentoo.org/attachment.cgi?id=498698
Forgive me if these don't really matter.
@@ -229,16 +238,31 @@
ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
In my $day job$ we usually we want to see SSL_OP_NO_COMP too due to
BREACH and CRIME attacks. Does it matter here?
Regarding:
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >=
0x10100000L)
+ meth = TLS_client_method();
+ ssl_proto_version = TLS1_VERSION;
+#else
meth = TLSv1_client_method ();
+#endif
I think OpenSSL reworked them for 1.1.0, but I don't know what the new
pattern is.
Jeff