[squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

Alex Rousskov rousskov at measurement-factory.com
Wed Feb 1 18:04:50 UTC 2017


On 02/01/2017 08:20 AM, Marcus Kool wrote:
>> Do you think we can compromise and call it USE_OPENSSL_OR_LIBRESSL ?

> or call it USE_OPENSSL_API
> 
> and then the code will eventually have none or few occurrences of
> USE_OPENSSL and USE_LIBRESSL to deal with OpenSSL and LibreSSL specifics.

Yes, and I have suggested this natural solution before (and again a few
minutes ago). The correct decision making algorithm is really simple if
you start from the right end:

1. Agree to continue to use a single primary SSL guard macro. Ignore its
exact spelling of that macro for now. Agree that it _means_ that Squid
is configured to use an OpenSSL API (which has many
implementations/flavors).

2. Discuss weather --with-libressl is necessary or there is a better way
to detect LibreSSL presence.

3a. If --with-libressl is necessary, rename USE_OPENSSL to
USE_OPENSSL_API and add code to set that renamed macro. ./configure will
set USE_OPENSSL and USE_LIBRESSL, of course.

3b. Otherwise, do not rename USE_OPENSSL. ./configure will continue to
set it when building with OpenSSL or LibreSSL libraries, of course.

4. Add code to fix bug 4662.


Alex.



More information about the squid-dev mailing list