[squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

Alex Rousskov rousskov at measurement-factory.com
Mon Jan 30 18:04:57 UTC 2017


On 01/29/2017 04:26 AM, Amos Jeffries wrote:
> This is, I think, all we need to do code-wise to resolve the Bug 4662
> issues with LibreSSL being incompatible with OpenSSL 1.1.
> 
> The libraries cannot both be linked either way. If both --with-* options
> are provided LibreSSL currently overrides OpenSSL. I picked that
> preference order because AFAICS the LibreSSL has the lower overall
> security footprint while providing the same (or better) needed
> functionality.
> 
> 
> NP: If there are no objections I would like to fast-track this and apply
> in ~3 days (allowing for today being a Sunday) for a slightly late
> 4.0.18 beta.

I do not think these changes should be committed. As you probably know
from earlier communication, I think we should avoid using both
USE_OPENSSL and USE_LIBRESSL in the code if LibreSSL is [treated as] a
replacement for OpenSSL. I have suggested several ways to avoid the
dangerous and needless repetition of (USE_OPENSSL || USE_LIBRESSL)
conditions, and we even seemed to agree on one of those solutions.


FWIW, I do not think bug 4662 blocks 4.0.18 beta.

Alex.


