[PATCH] Support building with BoringSSL.

Adam Langley agl at google.com
Mon Sep 29 17:25:32 EDT 2014


On Sun, Sep 28, 2014 at 10:31 AM, Jouni Malinen <j at w1.fi> wrote:
> Thanks! This looks mostly reasonable. Could you please read the top
> level CONTRIBUTIONS file (*) and provide Signed-off-by: line for the
> patch so that I can apply this?

Done.

> I'm still trying to support 0.9.8, so this will need to be made to use
> suitable #ifdef or maybe the cleanest options would be to just do
> something like this as a backwards compatibility wrapper:
>
> #if OPENSSL_VERSION_NUMBER < 0x10000000L
> #define ERR_remove_thread_state(tid) ERR_remove_state(0)
> #endif

Done.

> I guess this is because of SSL_F_SSL_SET_SESSION_TICKET_EXT not being
> defined in BoringSSL. This could be cleaner to convert to
> OPENSSL_VERSION_NUMBER >= 0x10000000L (or something similar.. I don't
> remember why I ended up using SSL_F_SSL_SET_SESSION_TICKET_EXT instead..
> the early days (well, years..) of EAP-FAST support was somewhat of a
> mess with OpenSSL).

I check when each of these defines was added to OpenSSL:

SSL_OP_NO_TICKET - bbfc6ac0 (Sat Aug 11 2007)
SSL_F_SSL_SET_SESSION_TICKET_EXT - 12bf56c0 (Sat Nov 15 2008)

Thus I believe that 1.0.0 was the first release that included them and
have updated the #if accordingly.

Will resend the patch in a second. Thanks!


Cheers

AGL


More information about the HostAP mailing list