[PATCH] Support building with BoringSSL.
Mon Sep 29 14:25:32 PDT 2014
On Sun, Sep 28, 2014 at 10:31 AM, Jouni Malinen <j at w1.fi> wrote:
> Thanks! This looks mostly reasonable. Could you please read the top
> level CONTRIBUTIONS file (*) and provide Signed-off-by: line for the
> patch so that I can apply this?
> I'm still trying to support 0.9.8, so this will need to be made to use
> suitable #ifdef or maybe the cleanest options would be to just do
> something like this as a backwards compatibility wrapper:
> #if OPENSSL_VERSION_NUMBER < 0x10000000L
> #define ERR_remove_thread_state(tid) ERR_remove_state(0)
> I guess this is because of SSL_F_SSL_SET_SESSION_TICKET_EXT not being
> defined in BoringSSL. This could be cleaner to convert to
> OPENSSL_VERSION_NUMBER >= 0x10000000L (or something similar.. I don't
> remember why I ended up using SSL_F_SSL_SET_SESSION_TICKET_EXT instead..
> the early days (well, years..) of EAP-FAST support was somewhat of a
> mess with OpenSSL).
I check when each of these defines was added to OpenSSL:
SSL_OP_NO_TICKET - bbfc6ac0 (Sat Aug 11 2007)
SSL_F_SSL_SET_SESSION_TICKET_EXT - 12bf56c0 (Sat Nov 15 2008)
Thus I believe that 1.0.0 was the first release that included them and
have updated the #if accordingly.
Will resend the patch in a second. Thanks!
More information about the Hostap