Message ID | 20200220083825.29131-1-arne@rfc2549.org |
---|---|
State | Rejected |
Headers | show |
Series | [Openvpn-devel] Fix float comparisons of OPENVPN_VERSION_NUMBER | expand |
Am 20.02.20 um 09:38 schrieb Arne Schwabe: > These checks are probably the result of copying a > check from the LibreSSL and modifying it to be > a OpenSSL check. For some arcane reason LibreSSL decided > that its version number should be a long float (double) rather > than an integer. > > Signed-off-by: Arne Schwabe <arne@rfc2549.org> > --- > src/openvpn/ssl_openssl.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > index 21651a3e..bcdfb543 100644 > --- a/src/openvpn/ssl_openssl.c > +++ b/src/openvpn/ssl_openssl.c > @@ -231,7 +231,7 @@ tls_version_max(void) > * We only need to check this for OpenSSL versions that can be > * upgraded to 1.1.1 without recompile (>= 1.1.0) > */ > - if (OpenSSL_version_num() >= 0x1010100fL) > + if (OpenSSL_version_num() >= 0x1010100L) > { > return TLS_VER_1_3; > } > @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list, > crypto_msg(M_FATAL, "Cannot create SSL object"); > } > > -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \ > +#if (OPENSSL_VERSION_NUMBER < 0x1010000L) \ > || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL) > STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); > #else > @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list, > printf("%s\n", pair->iana_name); > } > } > -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) > +#if (OPENSSL_VERSION_NUMBER >= 0x1010000L) > sk_SSL_CIPHER_free(sk); > #endif > SSL_free(ssl); > Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL has has its patch version to be 0f. Arne
чт, 20 февр. 2020 г. в 13:44, Arne Schwabe <arne@rfc2549.org>: > Am 20.02.20 um 09:38 schrieb Arne Schwabe: > > These checks are probably the result of copying a > > check from the LibreSSL and modifying it to be > > a OpenSSL check. For some arcane reason LibreSSL decided > > that its version number should be a long float (double) rather > > than an integer. > > > > Signed-off-by: Arne Schwabe <arne@rfc2549.org> > > --- > > src/openvpn/ssl_openssl.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > > index 21651a3e..bcdfb543 100644 > > --- a/src/openvpn/ssl_openssl.c > > +++ b/src/openvpn/ssl_openssl.c > > @@ -231,7 +231,7 @@ tls_version_max(void) > > * We only need to check this for OpenSSL versions that can be > > * upgraded to 1.1.1 without recompile (>= 1.1.0) > > */ > > - if (OpenSSL_version_num() >= 0x1010100fL) > > + if (OpenSSL_version_num() >= 0x1010100L) > > { > > return TLS_VER_1_3; > > } > > @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char > *cipher_list, > > crypto_msg(M_FATAL, "Cannot create SSL object"); > > } > > > > -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \ > > +#if (OPENSSL_VERSION_NUMBER < 0x1010000L) \ > > || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= > 0x2090000fL) > > STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); > > #else > > @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char > *cipher_list, > > printf("%s\n", pair->iana_name); > > } > > } > > -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) > > +#if (OPENSSL_VERSION_NUMBER >= 0x1010000L) > > sk_SSL_CIPHER_free(sk); > > #endif > > SSL_free(ssl); > > > > > Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL > has has its patch version to be 0f. > can you also close it here https://patchwork.openvpn.net/patch/1015/ ? to prevent someone from taking it accidently > > Arne > > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > <div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 20 февр. 2020 г. в 13:44, Arne Schwabe <<a href="mailto:arne@rfc2549.org">arne@rfc2549.org</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Am 20.02.20 um 09:38 schrieb Arne Schwabe:<br> > These checks are probably the result of copying a<br> > check from the LibreSSL and modifying it to be<br> > a OpenSSL check. For some arcane reason LibreSSL decided<br> > that its version number should be a long float (double) rather<br> > than an integer.<br> > <br> > Signed-off-by: Arne Schwabe <<a href="mailto:arne@rfc2549.org" target="_blank">arne@rfc2549.org</a>><br> > ---<br> > src/openvpn/ssl_openssl.c | 6 +++---<br> > 1 file changed, 3 insertions(+), 3 deletions(-)<br> > <br> > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c<br> > index 21651a3e..bcdfb543 100644<br> > --- a/src/openvpn/ssl_openssl.c<br> > +++ b/src/openvpn/ssl_openssl.c<br> > @@ -231,7 +231,7 @@ tls_version_max(void)<br> > * We only need to check this for OpenSSL versions that can be<br> > * upgraded to 1.1.1 without recompile (>= 1.1.0)<br> > */<br> > - if (OpenSSL_version_num() >= 0x1010100fL)<br> > + if (OpenSSL_version_num() >= 0x1010100L)<br> > {<br> > return TLS_VER_1_3;<br> > }<br> > @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list,<br> > crypto_msg(M_FATAL, "Cannot create SSL object");<br> > }<br> > <br> > -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \<br> > +#if (OPENSSL_VERSION_NUMBER < 0x1010000L) \<br> > || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)<br> > STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);<br> > #else<br> > @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list,<br> > printf("%s\n", pair->iana_name);<br> > }<br> > }<br> > -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)<br> > +#if (OPENSSL_VERSION_NUMBER >= 0x1010000L)<br> > sk_SSL_CIPHER_free(sk);<br> > #endif<br> > SSL_free(ssl);<br> > <br> <br> <br> Ignore that patch. I am not awake yet. the fL is not a suffix. LibreSSL<br> has has its patch version to be 0f.<br></blockquote><div><br></div><div>can you also close it here <a href="https://patchwork.openvpn.net/patch/1015/">https://patchwork.openvpn.net/patch/1015/</a> ?</div><div>to prevent someone from taking it accidently<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <br> Arne<br> <br> _______________________________________________<br> Openvpn-devel mailing list<br> <a href="mailto:Openvpn-devel@lists.sourceforge.net" target="_blank">Openvpn-devel@lists.sourceforge.net</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/openvpn-devel" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/openvpn-devel</a><br> </blockquote></div></div>
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 21651a3e..bcdfb543 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -231,7 +231,7 @@ tls_version_max(void) * We only need to check this for OpenSSL versions that can be * upgraded to 1.1.1 without recompile (>= 1.1.0) */ - if (OpenSSL_version_num() >= 0x1010100fL) + if (OpenSSL_version_num() >= 0x1010100L) { return TLS_VER_1_3; } @@ -2104,7 +2104,7 @@ show_available_tls_ciphers_list(const char *cipher_list, crypto_msg(M_FATAL, "Cannot create SSL object"); } -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \ +#if (OPENSSL_VERSION_NUMBER < 0x1010000L) \ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL) STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); #else @@ -2134,7 +2134,7 @@ show_available_tls_ciphers_list(const char *cipher_list, printf("%s\n", pair->iana_name); } } -#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) +#if (OPENSSL_VERSION_NUMBER >= 0x1010000L) sk_SSL_CIPHER_free(sk); #endif SSL_free(ssl);
These checks are probably the result of copying a check from the LibreSSL and modifying it to be a OpenSSL check. For some arcane reason LibreSSL decided that its version number should be a long float (double) rather than an integer. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/ssl_openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)