similar to: v2.2.27 released --- libressl

If the standard way works, I am happy to include the original patch I sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER. If they keep this promise, then we should have no worries about things breaking up. Aki On 02.11.2016 14:24, Michael A. Peters wrote: > Indeed, which is why I use it. > > But it also is in the minority which is why I find it acceptable for

On 2016-11-02, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > If the standard way works, I am happy to include the original patch I > sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER. > If they keep this promise, then we should have no worries about things > breaking up. Diff below is what I've added to OpenBSD ports. The libressl API is not cast in

Standard way to fix it (on the LibreSSL page) is to check for LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think catches them all where needed. Note the word think. It certainly appears to be working anyway with it. On 11/02/2016 04:07 AM, Aki Tuomi wrote: > After doing some testing by myself, I noticed that libressl, for some > unknown reason, defines > > #define

They have stated they are going to remain API compatible with 1.0.1h (or g, forget which they forked) - their new stuff is outside of libcrypto. On 11/02/2016 04:25 AM, Aki Tuomi wrote: > It does work today, I am just bit worried that it will keep on breaking > with libressl as they evolve their API. I would personally like to avoid > more ifdef hell if possible... > > Aki >

libressl is a leaner and safer openssl Sent from ProtonMail Mobile On Wed, Nov 2, 2016 at 12:39 PM, Michael A. Peters <'mpeters at domblogger.net'> wrote: IMHO it would be acceptable to have a LibreSSL patch that is maintained by the people who want it. It's free software, and that kind of is the point of Open Source. On 11/02/2016 04:36 AM, Michael A. Peters wrote: >

Results from the application of the following patch from Aki. perl -i -ple 's|^(\s*#include <openssl/opensslv.h>\s*)$|$1\n\t#if OPENSSL_VERSION_NUMBER == 0x20000000L\n\t#define OPENSSL_VERSION_NUMBER 0x10001000L\n\t#endif|' configure.ac; -------------- next part -------------- A non-text attachment was scrubbed... Name: compiler-stderr.log Type: application/octet-stream Size: 16045

It does work today, I am just bit worried that it will keep on breaking with libressl as they evolve their API. I would personally like to avoid more ifdef hell if possible... Aki On 02.11.2016 13:22, Michael A. Peters wrote: > Standard way to fix it (on the LibreSSL page) is to check for > LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think > catches them all where

IMHO it would be acceptable to have a LibreSSL patch that is maintained by the people who want it. It's free software, and that kind of is the point of Open Source. On 11/02/2016 04:36 AM, Michael A. Peters wrote: > They have stated they are going to remain API compatible with 1.0.1h (or > g, forget which they forked) - their new stuff is outside of libcrypto. > > On 11/02/2016

Hi! Those are used if #if OPENSSL_VERSION_NUMBER >= 0x10100000L So (your) libressl is providing this define. We compile our code using GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently officially supported one. Aki On 02.11.2016 12:34, Ruga wrote: > dovecot 2.2.26.0 uses the following functions, which are not available on libressl 2.4.3: > > HMAC_CTX_new >

Indeed, which is why I use it. But it also is in the minority which is why I find it acceptable for FLOSS projects like dovecot to elect to only un-officially support LibreSSL via a community maintained patch. One of the reasons why OpenSSL was forked is because they were trying to support so many platforms that it made the code a real mess. Don't want the same to happen to another

On 25 Feb 2017, at 21.54, Timo Sirainen <tss at iki.fi> wrote: > > Oh, I forgot to remove the #if OPENSSL_VERSION_NUMBER checks from lib-dcrypt. Will be removed in v2.2.29. Attached the planned patch that should do it. Well that didn't work with <v1.1. Maybe this one. -------------- next part -------------- A non-text attachment was scrubbed... Name: openssl.diff Type:

On Fri, 12 Oct 2018, Jakub Jelen wrote: > Something like this can be used to properly initialize new OpenSSL > versions: > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver) > void > ssh_OpenSSL_add_all_algorithms(void) > { > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > OpenSSL_add_all_algorithms(); > > /* Enable use of crypto

t_strftime and variants now .......................................... : ok test-time-util.c:123: Assert failed: strcmp(t_strftime(RFC2822_FMT, gmtime(&ts)), exp) == 0 test-time-util.c:124: Assert failed: strcmp(t_strfgmtime(RFC2822_FMT, ts), exp) == 0 t_strftime and variants fixed timestamp .............................. : FAILED timings 0

After doing some testing by myself, I noticed that libressl, for some unknown reason, defines #define OPENSSL_VERSION_NUMBER 0x20000000L No idea why they decided to advertise that they are OpenSSL v2.0.0. A local fix, if you need one, is to use #if OPENSSL_VERSION_NUMBER == 0x20000000L #define OPENSSL_VERSION_NUMBER 0x1000100L #endif in dcrypt-openssl.c after includes. Aki On

Timo, re: What OS is this? OS 10.12.3 with Xcode 8.2.1 and the official clang 3.9.0 re: test-time-util.c t_strftime and variants now .......................................... : ok Info: 'Thu, 08 Dec 2016 18:42:16 +0100' test-time-util.c:124: Assert failed: strcmp(t_strftime(RFC2822_FMT, gmtime(&ts)), exp) == 0 Info: 'Thu, 08 Dec 2016 18:42:16 +0100'

On 25 Feb 2017, at 21.11, Ruga <ruga at protonmail.com> wrote: > > t_strftime and variants now .......................................... : ok > > > test-time-util.c:123: Assert failed: strcmp(t_strftime(RFC2822_FMT, gmtime(&ts)), exp) == 0 > > > test-time-util.c:124: Assert failed: strcmp(t_strfgmtime(RFC2822_FMT, ts), exp) == 0 > > > t_strftime

t?st? j?i p?tsi =) Aki On 2017-02-25 22:08, Timo Sirainen wrote: > On 25 Feb 2017, at 21.54, Timo Sirainen <tss at iki.fi> wrote: >> Oh, I forgot to remove the #if OPENSSL_VERSION_NUMBER checks from lib-dcrypt. Will be removed in v2.2.29. Attached the planned patch that should do it. > Well that didn't work with <v1.1. Maybe this one. > > > >

Silly thunderbird, does not understand that "reply to sender" should reply to sender... Aki On 2017-02-25 23:40, Aki Tuomi wrote: > t?st? j?i p?tsi =) > > Aki > > > On 2017-02-25 22:08, Timo Sirainen wrote: >> On 25 Feb 2017, at 21.54, Timo Sirainen <tss at iki.fi> wrote: >>> Oh, I forgot to remove the #if OPENSSL_VERSION_NUMBER checks from

Hi, For some reason I've never been able to build x64 dovecot rpm package, no matter how I try, I'm still getting lib64 errors, first tried few years on centos 5, ok I know this is old distro, then few years tried with centos 6 (and wrote here also - CentOS x64 compilation fails), supported distro, no luck, now installed centos 7 and still no luck, so seems it's not about centos or

Well, but not for centos 5 and also these rpm are including a lot stuff what I don't need. But I will check the src rpm -s from repo and diff these specs with my current ones. Mart Aki Tuomi wrote: > We provide rpm packages for centos 6&7 at https://repo.dovecot.org if you want > to try them? > > Aki >> On 15/12/2019 13:01 Mart Pirita < mart at e-positive.ee