similar to: v2.2.26.0 released

OpenSSL v1.0.1 is enough. Aki > On November 1, 2016 at 7:46 PM Ruga <ruga at protonmail.com> wrote: > > > Hello, > > We cannot upgrade from 2.2.24, because we use libressl and the newer > dovecot versions demand openssl v1.1. > > Please add the new library requirement to the INSTALL file. > > All the best. > > > > > > > >

Standard way to fix it (on the LibreSSL page) is to check for LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think catches them all where needed. Note the word think. It certainly appears to be working anyway with it. On 11/02/2016 04:07 AM, Aki Tuomi wrote: > After doing some testing by myself, I noticed that libressl, for some > unknown reason, defines > > #define

Hi! Those are used if #if OPENSSL_VERSION_NUMBER >= 0x10100000L So (your) libressl is providing this define. We compile our code using GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently officially supported one. Aki On 02.11.2016 12:34, Ruga wrote: > dovecot 2.2.26.0 uses the following functions, which are not available on libressl 2.4.3: > > HMAC_CTX_new >

They have stated they are going to remain API compatible with 1.0.1h (or g, forget which they forked) - their new stuff is outside of libcrypto. On 11/02/2016 04:25 AM, Aki Tuomi wrote: > It does work today, I am just bit worried that it will keep on breaking > with libressl as they evolve their API. I would personally like to avoid > more ifdef hell if possible... > > Aki >

libressl is a leaner and safer openssl Sent from ProtonMail Mobile On Wed, Nov 2, 2016 at 12:39 PM, Michael A. Peters <'mpeters at domblogger.net'> wrote: IMHO it would be acceptable to have a LibreSSL patch that is maintained by the people who want it. It's free software, and that kind of is the point of Open Source. On 11/02/2016 04:36 AM, Michael A. Peters wrote: >

After doing some testing by myself, I noticed that libressl, for some unknown reason, defines #define OPENSSL_VERSION_NUMBER 0x20000000L No idea why they decided to advertise that they are OpenSSL v2.0.0. A local fix, if you need one, is to use #if OPENSSL_VERSION_NUMBER == 0x20000000L #define OPENSSL_VERSION_NUMBER 0x1000100L #endif in dcrypt-openssl.c after includes. Aki On

It does work today, I am just bit worried that it will keep on breaking with libressl as they evolve their API. I would personally like to avoid more ifdef hell if possible... Aki On 02.11.2016 13:22, Michael A. Peters wrote: > Standard way to fix it (on the LibreSSL page) is to check for > LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think > catches them all where

IMHO it would be acceptable to have a LibreSSL patch that is maintained by the people who want it. It's free software, and that kind of is the point of Open Source. On 11/02/2016 04:36 AM, Michael A. Peters wrote: > They have stated they are going to remain API compatible with 1.0.1h (or > g, forget which they forked) - their new stuff is outside of libcrypto. > > On 11/02/2016

dovecot 2.2.26.0 uses the following functions, which are not available on libressl 2.4.3: HMAC_CTX_new HMAC_CTX_free EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_RSA OBJ_length EVP_MD_CTX_new EVP_MD_CTX_free The result of calling a non-existent function is a runtime error, and we do not want that on production servers. There are additional problems. I recommend compiling with clang-llvm 3.9.0 to

Indeed, which is why I use it. But it also is in the minority which is why I find it acceptable for FLOSS projects like dovecot to elect to only un-officially support LibreSSL via a community maintained patch. One of the reasons why OpenSSL was forked is because they were trying to support so many platforms that it made the code a real mess. Don't want the same to happen to another

If the standard way works, I am happy to include the original patch I sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER. If they keep this promise, then we should have no worries about things breaking up. Aki On 02.11.2016 14:24, Michael A. Peters wrote: > Indeed, which is why I use it. > > But it also is in the minority which is why I find it acceptable for

I don't believe that is the case. I have 2.2.26.0 and -git building and running on multiple systems now (two of which are Gentoo boxes) with LibreSSL-2.5 - and these systems do not have OpenSSL installed. Are you running an old version of LibreSSL perhaps? I *think* LibreSSL-2.4 was OK as well. Reuben On 2/11/2016 4:46 AM, Ruga wrote: > Hello, > > We cannot upgrade from

Hello, We cannot upgrade from 2.2.24, because we use libressl and the newer dovecot versions demand openssl v1.1. Please add the new library requirement to the INSTALL file. All the best. -------- Original Message -------- Subject: v2.2.26.0 released Local Time: 28 October 2016 6:51 PM UTC Time: 28 October 2016 16:51 From: tss at iki.fi To: dovecot-news at dovecot.org, Dovecot Mailing

Hello, Here is a Panic that happened while doing some testing with two servers both running Dovecot v2.2.26 on CentOS 7. These are test servers owning 32 accounts whose data were copied from our production server. What I've done is: server01# doveadm force-resync -A '*' server01# doveadm replicator replicate -f '*' For 5 accounts I obtained the following crash:

t_strftime and variants now .......................................... : ok test-time-util.c:123: Assert failed: strcmp(t_strftime(RFC2822_FMT, gmtime(&ts)), exp) == 0 test-time-util.c:124: Assert failed: strcmp(t_strfgmtime(RFC2822_FMT, ts), exp) == 0 t_strftime and variants fixed timestamp .............................. : FAILED timings 0

https://github.com/libressl-portable/portable/issues/278

Timo, re: What OS is this? OS 10.12.3 with Xcode 8.2.1 and the official clang 3.9.0 re: test-time-util.c t_strftime and variants now .......................................... : ok Info: 'Thu, 08 Dec 2016 18:42:16 +0100' test-time-util.c:124: Assert failed: strcmp(t_strftime(RFC2822_FMT, gmtime(&ts)), exp) == 0 Info: 'Thu, 08 Dec 2016 18:42:16 +0100'

On 5 Feb 2017, at 19.49, Timo Sirainen <tss at iki.fi> wrote: > > On 4 Feb 2017, at 20.03, Ruga <ruga at protonmail.com> wrote: >> >> https://github.com/libressl-portable/portable/issues/278 > > I've no idea why that would happen. The only idea I had got rejected by someone. Oh, that's with OSX. I think that's the reason. Nothing to do with

Hello Dovecot users, Here's the definitive 0.4.16 release. There were no changes since the release candidate. The reported replication issues are still open, since we haven't been able to reproduce them so far. Changelog v0.4.16: * Part of the Sieve extprograms implementation was moved to Dovecot, which means that this release depends on Dovecot v2.2.26+. * ManageSieve: The PUTSCRIPT

Hello Dovecot users, Here's the definitive 0.4.16 release. There were no changes since the release candidate. The reported replication issues are still open, since we haven't been able to reproduce them so far. Changelog v0.4.16: * Part of the Sieve extprograms implementation was moved to Dovecot, which means that this release depends on Dovecot v2.2.26+. * ManageSieve: The PUTSCRIPT