curl-users
Re: LibreSSL support
Date: Mon, 17 Sep 2018 16:34:41 +0200 (CEST)
On Mon, 17 Sep 2018, Jan Stary wrote:
>> [1] = Mostly the same feature set is also provided by LibreSSL and BoringSSL
>
> Sorry, I missed that.
>
> The statement is a bit misleading though, right? For instance, LibreSSL
> deliberately dropped SSLv2 and SSLv3.
I don't think it is actually *misleading* since it says "mostly the same". I
think that's accurate. It is a bit unspecific though, like about in what
particular areas the three forks differ. I'm not even sure myself so I've not
split them up.
The web site contents (like this SSL comparison table) are also in git and we
welcome pull-requests there too. See the table at
https://github.com/curl/curl-www/blob/master/docs/_ssl-compared.html
SSLv2 and SSLv3 are disabled by default in OpenSSL and BoringSSL as well so in
reality I doubt that particular detail matters much to most users.
> The reason the MacPort needs the patch is probably that MacPorts uses the
> old LibreSSL 2.5.5, when a patch like this was still needed.
If you say so. Still nobody has presented that or a similar patch to us, which
in my mind means they don't truly think it should be used by us. In the mean
time I landed my take on the libressl version number fix.
> Does curl make decisions in the code based on the SSL implementation
> version?
The code makes build-time decisions *mostly* based on OPENSSL_VERSION_NUMBER,
but also on LIBRESSL_VERSION_NUMBER since they've gone separate ways.
> Or does this merely display the version?
OpenSSL_version_num() is used to display the version.
>> I must be blind. I see no libressl patch there?
>
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/curl/patches/patch-lib_vtls_openssl_c
Thanks. I believe that is now rendered obsolete.
-- / daniel.haxx.se ----------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2018-09-17