PolarSSL: version 1.3.8 now required #1401
Comments
|
I'm inclined to say that we simply raise the bar to 1.3.8 unless someone steps forward and does the work to make sure older versions get supported again. Reading up on recent security details, it seems PolarSSL users shouldn't use anything other than 1.3.19 anyway... |
|
I believe commit 04b4ee5 (June 2016) is what broke support for older versions, and that change doesn't look like a quick and easy fix to get working for older PolarSSL versions. The fact that it took 10 months for someone to report it could also work as a sign... |
|
We could fix it I think. That call in the final two versions of PolarSSL is just this void ssl_session_init( ssl_session *session )
{
memset( session, 0, sizeof(ssl_session) );
}Regarding security for PolarSSL in Trusty I assume it gets security fixes for their LTS? |
Right, as there won't be new versions of PolarSSL, we don't need to consider future changes to |
|
I'm totally fine with that! |
ssl_session_init was only introduced in version 1.3.8, the penultimate version. The function only contains a memset, so replace it with that. Suggested-by: Jay Satiro Fixes curl#1401
I did this
Tried to build curl with PolarSSL on Ubuntu 14.04 Trusty Tahr. It compiled, but linking failed because of an undefined reference to
ssl_session_initwhich was introduced in 9f498de and is only available in PolarSSL versions 1.3.8 and 1.3.9. Ubuntu Trusty comes with PolarSSL 1.3.4.I expected the following
Either the minimum version documented in INTERNALS.md bumped to 1.3.8 and the minimum
POLARSSL_VERSION_NUMBERin polarssl.c bumped to0x01030800or a successful build.curl/libcurl version
git master f9d1e9a
operating system
Ubuntu Trusty
The text was updated successfully, but these errors were encountered: