Quantcast

OPENSSL_VERSION_NUMBER not an unsigned Int

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

OPENSSL_VERSION_NUMBER not an unsigned Int

Bernard Spil
Hi,

Working with patches for Postfix I noticed you use a non-standard way to
test for OpenSSL version numbers. You're using comparisons to an
unsigned int constant whereas OPENSSL_VERSION_NUMBER has only ever been
defined as an int see
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/opensslv.h#L33
I've not encountered this notation before in code.

Atached patch modifies existing OPENSSL_VERSION_NUMBER checks to regular
checks.

This is helpful when checking for OPENSSL_VERSION_NUMBER checks when
porting for LibreSSL or BoringSSL.

Cheers,

Bernard.


patch-postfix-3.2.0 (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: OPENSSL_VERSION_NUMBER not an unsigned Int

Viktor Dukhovni

> On Apr 21, 2017, at 5:16 PM, Bernard Spil <[hidden email]> wrote:
>
> Working with patches for Postfix I noticed you use a non-standard way to test for OpenSSL version numbers. You're using comparisons to an unsigned int constant whereas OPENSSL_VERSION_NUMBER has only ever been defined as an int see
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/opensslv.h#L33
> I've not encountered this notation before in code.
>
> Atached patch modifies existing OPENSSL_VERSION_NUMBER checks to regular checks.
>
> This is helpful when checking for OPENSSL_VERSION_NUMBER checks when porting for LibreSSL or BoringSSL.

The patch is wrong.  The value in question is a preprocessor macro
that has a literal integral value.  Comparison with unsigned long
constants is fine and future-proofs the code for a hypothetical
future OpenSSL 8-15.x.y.

Postfix is not supported with LibreSSL or BoringSSL.

LibreSSL is increasingly falling behind OpenSSL and irrelevant.
BoringSSL does not provide a stable public interface.

--
        Viktor.
Loading...