Re: LibreSSL support
Date: Mon, 17 Sep 2018 15:11:21 +0200
On Sep 13 13:46:55, daniel_at_haxx.se wrote:
> On Thu, 13 Sep 2018, Jan Stary wrote:
> > what is state of curl's LibreSSL support? The comparison page
> > https://curl.haxx.se/docs/ssl-compared.html does not even mention
> > LibreSSL.
> Check again. It says:
>  = Mostly the same feature set is also provided by LibreSSL and BoringSSL
Sorry, I missed that.
The statement is a bit misleading though, right?
For instance, LibreSSL deliberately dropped SSLv2 and SSLv3.
> > For instance, the MacPort of curl
> > https://github.com/macports/macports-ports/tree/master/net/curl uses a
> > patch (mostly dancing with LIBRESSL_VERSION_NUMBER and OPENSSL_VERSION)
> > to make curl compile on MacOS.
> Curious. We have a travis job that makes sure that *every single merge* we
> do also build and test fine with libressl. On mac even.
Yes. The current git builds without problems on 10.13.6,
using /usr/lib/libssl.dylib, which is LibreSSL's libssl.35.dylib.
The reason the MacPort needs the patch is probably that MacPorts
uses the old LibreSSL 2.5.5, when a patch like this was still needed.
> Nobody has presented any patch to us to improve our libressl support. I have
> not seen that patch before. It looks like it corrects the libressl version
> number, not actually fixing a build problem?
Does curl make decisions in the code
based on the SSL implementation version?
Or does this merely display the version?
> > Similarly for OpenBSD,
> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/curl/
> I must be blind. I see no libressl patch there?