The last revision of the SSL patches were tested with openssl and libressl-devel (2.5.1), but not with libressl (2.4.5) as that was assumed ok; the patches prior that revision were ok. However, the update of Qt from 5.6 to 5.7 occurred at the same time and a change in 5.7 causes a build failure with libressl (non -devel). SSL_CTRL_GET_SERVER_TMP_KEY is not defined in LibreSSL < 2.5, so better to guard it's use by checking it is defined rather than checking the reported version. Also, the previous patch for curve control is greatly simplified. I had been led astray previously by the recommendation in the BoringSSL porting guide; set1_curves was implemented first in OpenSSL, but is not the only option, set1_groups was also added to OpenSSL and is now the recommended function to use according to the OpenSSL 1.1 manpages. So, there is no need to worry about which version, just call SSL_CTX_set1_groups with either SSL library.
- Group Reviewers
- rP435579: Fix to build with libressl as well as libressl-devel and simplify patch
Poudriere 11 amd64 with openssl, libressl, libressl-devel OK (test with openssl-devel fails on python27 dependency)