| Message ID | 20230903142947.20906-1-orbea@riseup.net |
|---|---|
| State | Changes Requested |
| Headers |
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7300:390:b0:d7:3b0f:3938 with SMTP id 16csp689067dyq;
Sun, 3 Sep 2023 07:30:27 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IEGx7m4iDceEZ3w3W9I+HxMNki7TC+RGAuvHRaqa8xPZcRusEQao8O+ILWxh2M9/P8kzULR
X-Received: by 2002:a17:903:234f:b0:1bb:d7d4:e2b with SMTP id
c15-20020a170903234f00b001bbd7d40e2bmr9283860plh.0.1693751427483;
Sun, 03 Sep 2023 07:30:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1693751427; cv=none;
d=google.com; s=arc-20160816;
b=kxnLibMU4w9+NZJlkB/E5b7WDDtXxb4nyRqp/66gfgPFOEKx5jTBvwpmtn7wVQWP3K
FLZ/2f4G/Hde+3DcgB/9DYblfWK9NnwB9AUjMky+Qy0o6oQlwdR+Dz7PNf7VA0Y0xpDo
Mc1V1niTxdeaGfrM42iPVbkpHiZOe2NzD8HUM+Exms1DQxe2idUfCK2J+EU29UT+uEfl
FZ9YtD4wNFcoy0XRcmtS41qUC1uT+2fOZIk8Zcl3k1mR7PvrR0999SH+q3VtOxmgikHm
41rKOrYQ/GUumv4q1oh9BMSI0BhjWQV6d0KKITDdYcj/jf6pND6QTRvMvxEIC6Z766dB
pRpA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:message-id:date:to:from:dkim-signature:dkim-signature
:dkim-signature;
bh=dcrXhlw345BH/vSvVydtpYtaAAjdW4Ir/3JNQqmHiio=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=D7okMqibqcgKxvzslO2quCQNzagfqb0H/z4wKBsWxQkJxY954yngn9CtzPc70ceB/q
Cr4zyTUaF1yTJEuUBKlMHftYC01ejpeNjAv+lWmlZUBSwCnIrPzzaDtt2tZOnq5VYCrO
9rZht3C6IIz1XkA4jQuJ6vrgWJbwXynSbYHqe7zgcP2FGsh5SownLMX46c+P4EA/kj/M
SAd4M+bfOPqq5a0B0IVHAkZjCieBbsPqkuAfpUBYxupNWLrSN3mpCPqcp4fXxwjs1xO2
tyrjuGW/2x2Md44VzlrAEnWBniyPbbWdFggYwJ5uxTYOe5wcKIVJHK2Xt2aqb/He33/u
IhaQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=ZqGV7m+s;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=SDsKHyVt;
dkim=neutral (body hash did not verify) header.i=@riseup.net
header.s=squak header.b="jVqF/DLA";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=riseup.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
m16-20020a170902db1000b001bb29476f47si6364755plx.503.2023.09.03.07.30.27
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Sun, 03 Sep 2023 07:30:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=ZqGV7m+s;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=SDsKHyVt;
dkim=neutral (body hash did not verify) header.i=@riseup.net
header.s=squak header.b="jVqF/DLA";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=riseup.net
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1qco6w-0002V8-IL;
Sun, 03 Sep 2023 14:29:58 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <orbea@riseup.net>) id 1qco6u-0002V2-S9
for openvpn-devel@lists.sourceforge.net;
Sun, 03 Sep 2023 14:29:56 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID:
Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=r1CJDUk75fV0fYETKy2VX8qJ9cmEOmmIpSNKT2H7pY0=; b=ZqGV7m+sCz0XZbftDWsOln/s2T
RbNq0yshnXxODdV8HBO1KYBmGBexeaXKTQWXTr7W8hBlK8R/ulqysZimcpfvIY8Q3DPp7/Aa8WnDN
ncAoXhm5WOts4uagfXsDk9/ki6Skq9JYYD4wxKQoAWQpHxPrypeHW0cG/MnV7h3MXDds=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From
:Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:
Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
List-Owner:List-Archive; bh=r1CJDUk75fV0fYETKy2VX8qJ9cmEOmmIpSNKT2H7pY0=; b=S
DsKHyVtgdfIGA8XQJy3co4nH8EmQAtyHaf/7uFR4GVMGmkDgF/lnHjPQ/OVBhjCrrNer4iu/gF7s6
CuuPEF+fjRlr3xQ6AWSFqy69yhh+5W4VvNXw6zMfC3Sik88PBEmsmvD1ZhIRg4YGIh7odLmHYRHB4
vW+a12taWQjFQkX8=;
Received: from mx0.riseup.net ([198.252.153.6])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1qco6s-00055t-N5 for openvpn-devel@lists.sourceforge.net;
Sun, 03 Sep 2023 14:29:56 +0000
Received: from fews01-sea.riseup.net (fews01-sea-pn.riseup.net [10.0.1.109])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
SHA256)
(No client certificate requested)
by mx0.riseup.net (Postfix) with ESMTPS id 4RdvL51tTlz9tCm
for <openvpn-devel@lists.sourceforge.net>;
Sun, 3 Sep 2023 14:29:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
t=1693751389; bh=Wxd+irrQCsawAlthTSgRSLrZq6KaT9C3NoGqacjUd8I=;
h=From:To:Cc:Subject:Date:From;
b=jVqF/DLA3vUWocKkSS789c8AN7waRhXNXJosagF2CDWKGHFgn1zGv71F2Og8WpuIH
Ip0p4ZSFOofx6GALYdkb2d9nOeVs69Ph0BntiB/ASo8HQNgK1p7Bgoh/qlrg0qQI/P
8pIREWDm3TrNoyhiOzWwSnEIAa1zFvJh+pb2m63g=
X-Riseup-User-ID:
3138E5BEB3FD8EA82BE9C8B7C51A51D100179367F27F592ED6E645DCB486F51E
Received: from [127.0.0.1] (localhost [127.0.0.1])
by fews01-sea.riseup.net (Postfix) with ESMTPSA id 4RdvL46wLnzJq9H;
Sun, 3 Sep 2023 14:29:48 +0000 (UTC)
From: orbea@riseup.net
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 3 Sep 2023 07:29:47 -0700
Message-ID: <20230903142947.20906-1-orbea@riseup.net>
MIME-Version: 1.0
X-Spam-Score: -0.9 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-2.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: orbea <orbea@riseup.net> Starting with LibreSSL 3.8.1
the engines have been removed which causes the OpenVPN build to fail. This
can be solved during configure by checking if OPENSSL_NO_ENGINE is defined
in opensslconf.h. --- [...]
Content analysis details: (-0.9 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust [198.252.153.6 listed in list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1qco6s-00055t-N5
Subject: [Openvpn-devel] [PATCH] configure: disable engines if
OPENSSL_NO_ENGINE is defined
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1776027096794903530?=
X-GMAIL-MSGID: =?utf-8?q?1776027096794903530?=
|
| Series |
[Openvpn-devel] configure: disable engines if OPENSSL_NO_ENGINE is defined
|
|
Commit Message
orbea
Sept. 3, 2023, 2:29 p.m. UTC
From: orbea <orbea@riseup.net>
Starting with LibreSSL 3.8.1 the engines have been removed which causes
the OpenVPN build to fail. This can be solved during configure by
checking if OPENSSL_NO_ENGINE is defined in opensslconf.h.
---
configure.ac | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
Hi, On 03/09/2023 16:29, orbea@riseup.net wrote: > From: orbea <orbea@riseup.net> > > Starting with LibreSSL 3.8.1 the engines have been removed which causes > the OpenVPN build to fail. This can be solved during configure by > checking if OPENSSL_NO_ENGINE is defined in opensslconf.h. > --- > configure.ac | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/configure.ac b/configure.ac > index 2f65cbd5..b5a835dc 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -926,11 +926,12 @@ if test "${with_crypto_library}" = "openssl"; then > AC_COMPILE_IFELSE( > [AC_LANG_PROGRAM( > [[ > + #include <openssl/opensslconf.h> > #include <openssl/opensslv.h> > ]], > [[ > /* Version encoding: MNNFFPPS - see opensslv.h for details */ > - #if OPENSSL_VERSION_NUMBER >= 0x30000000L > + #if OPENSSL_VERSION_NUMBER >= 0x30000000L || defined(OPENSSL_NO_ENGINE) > #error Engine supported disabled by default in OpenSSL 3.0+ Maybe the message should be changed now? Or we could have an entirely different message for this case? Cheers, > #endif > ]]
On Sun, 3 Sep 2023 16:47:31 +0200 Antonio Quartulli <a@unstable.cc> wrote: > Hi, > > On 03/09/2023 16:29, orbea@riseup.net wrote: > > From: orbea <orbea@riseup.net> > > > > Starting with LibreSSL 3.8.1 the engines have been removed which > > causes the OpenVPN build to fail. This can be solved during > > configure by checking if OPENSSL_NO_ENGINE is defined in > > opensslconf.h. --- > > configure.ac | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/configure.ac b/configure.ac > > index 2f65cbd5..b5a835dc 100644 > > --- a/configure.ac > > +++ b/configure.ac > > @@ -926,11 +926,12 @@ if test "${with_crypto_library}" = "openssl"; > > then AC_COMPILE_IFELSE( > > [AC_LANG_PROGRAM( > > [[ > > + #include <openssl/opensslconf.h> > > #include <openssl/opensslv.h> > > ]], > > [[ > > /* Version encoding: MNNFFPPS - see > > opensslv.h for details */ > > - #if OPENSSL_VERSION_NUMBER >= 0x30000000L > > + #if OPENSSL_VERSION_NUMBER >= 0x30000000L || > > defined(OPENSSL_NO_ENGINE) #error Engine supported disabled by > > default in OpenSSL 3.0+ > > Maybe the message should be changed now? Or we could have an entirely > different message for this case? > > Cheers, > > > #endif > > ]] > Do you think it might be preferable to only check OPENSSL_NO_ENGINE? I see other code bases such as Tor only checking that define.
On Sun, 3 Sep 2023 09:17:21 -0700 orbea <orbea@riseup.net> wrote: > On Sun, 3 Sep 2023 16:47:31 +0200 > Antonio Quartulli <a@unstable.cc> wrote: > > > Hi, > > > > On 03/09/2023 16:29, orbea@riseup.net wrote: > > > From: orbea <orbea@riseup.net> > > > > > > Starting with LibreSSL 3.8.1 the engines have been removed which > > > causes the OpenVPN build to fail. This can be solved during > > > configure by checking if OPENSSL_NO_ENGINE is defined in > > > opensslconf.h. --- > > > configure.ac | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/configure.ac b/configure.ac > > > index 2f65cbd5..b5a835dc 100644 > > > --- a/configure.ac > > > +++ b/configure.ac > > > @@ -926,11 +926,12 @@ if test "${with_crypto_library}" = > > > "openssl"; then AC_COMPILE_IFELSE( > > > [AC_LANG_PROGRAM( > > > [[ > > > + #include <openssl/opensslconf.h> > > > #include <openssl/opensslv.h> > > > ]], > > > [[ > > > /* Version encoding: MNNFFPPS - see > > > opensslv.h for details */ > > > - #if OPENSSL_VERSION_NUMBER >= 0x30000000L > > > + #if OPENSSL_VERSION_NUMBER >= 0x30000000L || > > > defined(OPENSSL_NO_ENGINE) #error Engine supported disabled by > > > default in OpenSSL 3.0+ > > > > Maybe the message should be changed now? Or we could have an > > entirely different message for this case? > > > > Cheers, > > > > > #endif > > > ]] > > > > Do you think it might be preferable to only check OPENSSL_NO_ENGINE? I > see other code bases such as Tor only checking that define. > > > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel Here is a patch that preserves the version check and adds a second check for OPENSSL_NO_ENGINE which seems to also be useful for BoringSSL. From d6700ec0f5af2522bb4eb136d3760f5b1445c9d1 Mon Sep 17 00:00:00 2001 From: orbea <orbea@riseup.net> Date: Sat, 2 Sep 2023 23:06:22 -0700 Subject: [PATCH] configure: disable engines if OPENSSL_NO_ENGINE is defined Starting with LibreSSL 3.8.1 the engines have been removed which causes the OpenVPN build to fail. This can be solved during configure by checking if OPENSSL_NO_ENGINE is defined in opensslconf.h. --- configure.ac | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2f65cbd5..1adfb9d4 100644 --- a/configure.ac +++ b/configure.ac @@ -927,11 +927,17 @@ if test "${with_crypto_library}" = "openssl"; then [AC_LANG_PROGRAM( [[ #include <openssl/opensslv.h> + #include <openssl/opensslconf.h> ]], [[ /* Version encoding: MNNFFPPS - see opensslv.h for details */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L - #error Engine supported disabled by default in OpenSSL 3.0+ + #error Engine support disabled by default in OpenSSL 3.0+ + #endif + + /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */ + #ifdef OPENSSL_NO_ENGINE + #error Engine support disabled by default in openssl/opensslconf.h #endif ]] )],
Hi, On 03/09/2023 18:55, orbea wrote: > Here is a patch that preserves the version check and adds a second > check for OPENSSL_NO_ENGINE which seems to also be useful for BoringSSL. > I prefer this version, but I'll let other chime in. On top of that I think we may need a proper v2 PATCH having no extra body, as I am not sure your message can be properly parsed by git-am. Cheers, > From d6700ec0f5af2522bb4eb136d3760f5b1445c9d1 Mon Sep 17 00:00:00 2001 > From: orbea <orbea@riseup.net> > Date: Sat, 2 Sep 2023 23:06:22 -0700 > Subject: [PATCH] configure: disable engines if OPENSSL_NO_ENGINE is defined > > Starting with LibreSSL 3.8.1 the engines have been removed which causes > the OpenVPN build to fail. This can be solved during configure by > checking if OPENSSL_NO_ENGINE is defined in opensslconf.h. > --- > configure.ac | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/configure.ac b/configure.ac > index 2f65cbd5..1adfb9d4 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -927,11 +927,17 @@ if test "${with_crypto_library}" = "openssl"; then > [AC_LANG_PROGRAM( > [[ > #include <openssl/opensslv.h> > + #include <openssl/opensslconf.h> > ]], > [[ > /* Version encoding: MNNFFPPS - see opensslv.h for details */ > #if OPENSSL_VERSION_NUMBER >= 0x30000000L > - #error Engine supported disabled by default in OpenSSL 3.0+ > + #error Engine support disabled by default in OpenSSL 3.0+ > + #endif > + > + /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */ > + #ifdef OPENSSL_NO_ENGINE > + #error Engine support disabled by default in openssl/opensslconf.h > #endif > ]] > )],
Hi, On Sun, Sep 03, 2023 at 08:15:05PM +0200, Antonio Quartulli wrote: > On 03/09/2023 18:55, orbea wrote: > > Here is a patch that preserves the version check and adds a second > > check for OPENSSL_NO_ENGINE which seems to also be useful for BoringSSL. > > I prefer this version, but I'll let other chime in. > On top of that I think we may need a proper v2 PATCH having no extra body, > as I am not sure your message can be properly parsed by git-am. It should be fine, and if not, I'll massage it to make it go in. gert
On Sun, 3 Sep 2023 21:22:15 +0200 Gert Doering <gert@greenie.muc.de> wrote: > Hi, > > On Sun, Sep 03, 2023 at 08:15:05PM +0200, Antonio Quartulli wrote: > > On 03/09/2023 18:55, orbea wrote: > > > Here is a patch that preserves the version check and adds a second > > > check for OPENSSL_NO_ENGINE which seems to also be useful for > > > BoringSSL. > > > > I prefer this version, but I'll let other chime in. > > On top of that I think we may need a proper v2 PATCH having no > > extra body, as I am not sure your message can be properly parsed by > > git-am. > > It should be fine, and if not, I'll massage it to make it go in. > > gert Thank you, the patch was generated with 'git format-patch' so I would think 'git am' can consume it, but please let me know if there is anything else I can change.
Hi, On Sun, Sep 03, 2023 at 01:44:13PM -0700, orbea wrote: > Thank you, the patch was generated with 'git format-patch' so I would > think 'git am' can consume it, but please let me know if there is > anything else I can change. For the sake of the archives (so, nothing to do for you now) - what we usually do is, for a v2 of the patch, to tag it as such, and use git-send-email to send it $ git-send-email -v2 --in-reply-to=$original-message-id -1 this will make it show up with a nice "[PATCH v2]" on the list, threaded to the original v1. gert
Hi, so the v2 patch itself is good, but... On Sun, Sep 03, 2023 at 09:55:45AM -0700, orbea wrote: > From d6700ec0f5af2522bb4eb136d3760f5b1445c9d1 Mon Sep 17 00:00:00 2001 > From: orbea <orbea@riseup.net> ... it would be really preferred to have a real author name here, and a "Signed-off-by:" line (git commit -s), and... > Date: Sat, 2 Sep 2023 23:06:22 -0700 > Subject: [PATCH] configure: disable engines if OPENSSL_NO_ENGINE is defined > > Starting with LibreSSL 3.8.1 the engines have been removed which causes > the OpenVPN build to fail. This can be solved during configure by > checking if OPENSSL_NO_ENGINE is defined in opensslconf.h. > --- [..] > + /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */ > + #ifdef OPENSSL_NO_ENGINE > + #error Engine support disabled by default in openssl/opensslconf.h > #endif ... I think the "by default" needs to go from this #error - it's disabled, period. "disabled by default" is the OpenSSL 3.0 thing... (The code change itself looks reasonable, and passes our GHA build farm with various OSes and mbedTLS / OpenSSL 1.1 / OpenSSL 3.0) gert
diff --git a/configure.ac b/configure.ac index 2f65cbd5..b5a835dc 100644 --- a/configure.ac +++ b/configure.ac @@ -926,11 +926,12 @@ if test "${with_crypto_library}" = "openssl"; then AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ + #include <openssl/opensslconf.h> #include <openssl/opensslv.h> ]], [[ /* Version encoding: MNNFFPPS - see opensslv.h for details */ - #if OPENSSL_VERSION_NUMBER >= 0x30000000L + #if OPENSSL_VERSION_NUMBER >= 0x30000000L || defined(OPENSSL_NO_ENGINE) #error Engine supported disabled by default in OpenSSL 3.0+ #endif ]]