> On Apr 21, 2017, at 5:16 PM, Bernard Spil <[hidden email]> wrote:
> Working with patches for Postfix I noticed you use a non-standard way to test for OpenSSL version numbers. You're using comparisons to an unsigned int constant whereas OPENSSL_VERSION_NUMBER has only ever been defined as an int see
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/opensslv.h#L33 > I've not encountered this notation before in code.
> Atached patch modifies existing OPENSSL_VERSION_NUMBER checks to regular checks.
> This is helpful when checking for OPENSSL_VERSION_NUMBER checks when porting for LibreSSL or BoringSSL.
The patch is wrong. The value in question is a preprocessor macro
that has a literal integral value. Comparison with unsigned long
constants is fine and future-proofs the code for a hypothetical
future OpenSSL 8-15.x.y.
Postfix is not supported with LibreSSL or BoringSSL.
LibreSSL is increasingly falling behind OpenSSL and irrelevant.
BoringSSL does not provide a stable public interface.