curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: LibreSSL support

From: Jan Stary <hans_at_stare.cz>
Date: Mon, 17 Sep 2018 15:11:21 +0200

On Sep 13 13:46:55, daniel_at_haxx.se wrote:
> On Thu, 13 Sep 2018, Jan Stary wrote:
> > what is state of curl's LibreSSL support? The comparison page
> > https://curl.haxx.se/docs/ssl-compared.html does not even mention
> > LibreSSL.
>
> Check again. It says:
>
> [1] = Mostly the same feature set is also provided by LibreSSL and BoringSSL

Sorry, I missed that.

The statement is a bit misleading though, right?
For instance, LibreSSL deliberately dropped SSLv2 and SSLv3.

> > For instance, the MacPort of curl
> > https://github.com/macports/macports-ports/tree/master/net/curl uses a
> > patch (mostly dancing with LIBRESSL_VERSION_NUMBER and OPENSSL_VERSION)
> > to make curl compile on MacOS.
>
> Curious. We have a travis job that makes sure that *every single merge* we
> do also build and test fine with libressl. On mac even.

Yes. The current git builds without problems on 10.13.6,
using /usr/lib/libssl.dylib, which is LibreSSL's libssl.35.dylib.

The reason the MacPort needs the patch is probably that MacPorts
uses the old LibreSSL 2.5.5, when a patch like this was still needed.

> Nobody has presented any patch to us to improve our libressl support. I have
> not seen that patch before. It looks like it corrects the libressl version
> number, not actually fixing a build problem?

Does curl make decisions in the code
based on the SSL implementation version?
Or does this merely display the version?

> > Similarly for OpenBSD,
> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/curl/
>
> I must be blind. I see no libressl patch there?

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/curl/patches/patch-lib_vtls_openssl_c

        Jan

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-09-17